Web lists-archives.com

[Samba] SSH SSO without keytab file




Hi all,

I've setup a SambaAD server. I joined two Linux test hosts, a Windows test host and an SSH server to the domain. Here are my requirements:

1. I plan to use Samba accounts to authenticate the users for SSH.
2. Users shouldn't have to re-enter their passwords to connect to SSH.

The link at [1] gives some hints on setting up SSO and SSH. But that guide requires creation (and re-creation upon password change) of keytab files.

Is there a way to get SSO without using keytab files? My rather theoretical knowledge of Kerberos says that the user should get a TGT when logging in for a new session (using LightDM). Can't the same TGT be used by ssh client to request a ticket from Kerberos Authentication Server for SSH server?

This approach will save me from management and routine re-creation of keytab files.

Kind regards,
Harp

[1] https://wiki.samba.org/index.php/OpenSSH_Single_sign-on#SSH_client_setup

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba