Sshd and domain authentication

Corinna Vinschen vinschen at
Wed May 21 04:23:42 EST 2003

On Tue, May 20, 2003 at 01:01:05PM -0500, Douglas E. Engert wrote:
> "Lee-Lun, Michael [IT]" wrote:
> > 
> > Is there a way to run sshd on a windows 2000 server and have ssh clients
> > authenticate to it using domain level authentication?
> Almost. Windows 2000 uses Kerberos for authentication, and the SSPI which 
> is an early version of the Kerberos GSSAPI. It uses the same protocol as 
> the Kerberos GSSAPI. So if the ssh client and server use the GSSAPI then 
> you are close. 
> You still need a server for Windows. There may be one out there. 

You can do this with a Cygwin sshd.  But it needs a well maintained
/etc/passwd and /etc/group files containing the domain accounts which
are allowed to login.


Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at

More information about the openssh-unix-dev mailing list