0

I'm trying to setup a Cygwin instance running in Windows Server 2019, joined to a domain. OpenSSH Server is successfully installed in Cygwin and working with password method for AD Users. The goal is to enable GSSAPI for SSO login.

However Kerberos is not cooperating with me, and complaining about keytab file. A regular kinit for my user name works perfectly find and I can see the ticket.

The SSH Server debug output shows:

debug1: Unspecified GSS failure.  Minor code may provide more information
Key table file '/etc/krb5.keytab' not found

My krb5.conf is pretty simple.

[libdefaults]
        default_realm = DOMAIN.COM
        fowardable = true

[realms]
DOMAIN.COM = {
        kdc = DC1.DOMAIN.COM
        default_domain = DOMAIN.COM
}

However I keep getting that error. I think my understanding of how this works is a bit off. I've also tried to generate a keytab file in Windows and putting it on the correct place, but no luck.

Any idea if what I'm doing is possible? The Windows Server running this Cygwin instance is already joined to domain.

rgomez
  • 143
  • 1
  • 2
  • 10
  • Why are you using Cygwin OpenSSH and not the native build of OpenSSH that's already part of Server 2019? Last I checked, the latter directly uses Windows SSPI libraries... – user1686 Jan 26 '21 at 23:12
  • Maybe because there is still a need to support older OS versions and thus a need for a consistent configuration. – Bill_Stewart Jan 30 '21 at 15:18

0 Answers0