Sshd and domain authentication
Corinna Vinschen
vinschen at redhat.com
Wed May 21 05:40:40 EST 2003
On Tue, May 20, 2003 at 03:17:47PM -0400, Lee-Lun, Michael [IT] wrote:
> This is what I am using now, but this won't work well in our environment. I
> want to be able to let users login to an ssh host and use the NT domain to
> authenticate directly without using etc/passwd. How can this be done?
Without /etc/passwd not with Cygwin sshd.
Please keep replies on list. I've redirected this mail back to the
openssh-unix-dev mailing list.
Corinna
> -----Original Message-----
> From: Corinna Vinschen [mailto:vinschen at redhat.com]
> Sent: Tuesday, May 20, 2003 2:24 PM
> To: 'openssh-unix-dev at mindrot.org'
> Subject: Re: Sshd and domain authentication
>
>
> On Tue, May 20, 2003 at 01:01:05PM -0500, Douglas E. Engert wrote:
> >
> >
> > "Lee-Lun, Michael [IT]" wrote:
> > >
> > > Is there a way to run sshd on a windows 2000 server and have ssh
> > > clients authenticate to it using domain level authentication?
> >
> > Almost. Windows 2000 uses Kerberos for authentication, and the SSPI
> > which
> > is an early version of the Kerberos GSSAPI. It uses the same protocol as
> > the Kerberos GSSAPI. So if the ssh client and server use the GSSAPI then
> > you are close.
> >
> > You still need a server for Windows. There may be one out there.
>
> You can do this with a Cygwin sshd. But it needs a well maintained
> /etc/passwd and /etc/group files containing the domain accounts which are
> allowed to login.
>
> Corinna
> [...]
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
More information about the openssh-unix-dev
mailing list