Differences
This shows you the differences between the selected revisions of the page.
| 2008-06-04 | 2008-06-05 | ||
| no summary (128.250.18.20) | typography (martin) | ||
| Line 50: | Line 50: | ||
| To use MIT Kerberos authentication, you need to have [[&url(kerberosforwin)|MIT Kerberos for Windows]] installed. | To use MIT Kerberos authentication, you need to have [[&url(kerberosforwin)|MIT Kerberos for Windows]] installed. | ||
| - | If your Kerberos realm is not in the AD, MIT Kerberos authentication will not be used. For this you will need to specify a Service Principal Name as described below. Then, either store the password for ''<user>@<Kerberos Realm>'' under the advanced tab of the User accounts control panel or use | + | If your Kerberos realm is not in the AD, MIT Kerberos authentication will not be used. For this you will need to specify a //[[ui_login_authentication#service_principal_name_sspi|Service Principal Name]]// as described below. Then, either store the password for ''<user>@<realm>'' by going to //Windows Start Menu > Settings > Control Panel > User Accounts > Advanced > Manage Passwords > Add// or use following command to start WinSCP: ((If the latter method is used, the credentials that get established at startup after providing the kerberos password are only available to children of the initial process)) |
| - | ''runas /netonly /user:<user>@<realm> <path to WinSCP>'' | + | runas /netonly /user:<user>@<realm> <path_to_winscp> |
| - | to start WinSCP. If the latter method is used, the credentials that get established at startup after providing the kerberos password are only available to children of the initial process - ie. started using the ''Session -> New Session...'' or ''Session -> Saved Sessions'' navigation. | + | |
| ===== Allow agent forwarding ===== | ===== Allow agent forwarding ===== | ||
| Line 61: | Line 60: | ||
| The situation where it option is useful is where you do not have Kerberos for Windows on a local machine and are using cross realm where the realm of the server is not in AD. The local machine can be part of a domain, or a stand alone machine. It is proving handy for use from home for example. | The situation where it option is useful is where you do not have Kerberos for Windows on a local machine and are using cross realm where the realm of the server is not in AD. The local machine can be part of a domain, or a stand alone machine. It is proving handy for use from home for example. | ||
| - | The Service Principal Name should be entered in the form: | + | The //Service Principal Name// should be entered in the form: |
| <code> | <code> | ||
| - | host/<hostname>@<Kerberos Realm Name> | + | host/<hostname>@<realm> |
| </code> | </code> | ||
| Line 70: | Line 69: | ||
| <code> | <code> | ||
| - | ksetup /AddKdc <realm> <KdcName> | + | ksetup /AddKdc <realm> <kdc_name> |
| </code> | </code> | ||