SLAC has recently started supporting ssh2 with kerberos5 ticket forwarding to allow access to AFS on SLAC unix. After some experimenting I have found that the following tools work very well together to provide convenient access to SLAC unix from windows. Using these tools it is possible to sign on once using MIT kerberos with your unix username/password and use that token for access to AFS, ssh, cvs and scp.

Tools

OpenAFS

MIT NetIdMgr (1.3.0.0)

Available as part of http://web.mit.edu/kerberos/dist/index.html#kfw-3.2

PuTTy (0.58 with GSSAPI extensions)

There are many versions of putty which claim to have GSS extensions, but the only one I had success with is this one: http://www.sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip

WinSCP (4.05)

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels

1 Comment

  1. Unknown User (dsneddon)

    The latest version of PuTTY has integrated GSSAPI functionality, so it is no longer necessary to use the forked version. There are some security enhancements, too, so it is a good idea to upgrade to the latest version (0.61 or higher). The process for getting SSH with Kerberos working is documented here: https://confluence.slac.stanford.edu/display/netmanpub/SSH+With+Kerberos+Authentication+on+Windows