The Three Headed Dog Ate My SSH Keys! - Using OpenSSH in a Single Sign-on Corporate Environment with z/OS; Windows and Linux
Project and Program:
Enterprise Data Center,
Security and Compliance
Tags:
Proceedings,
2016,
SHARE in San Antonio 2016
Kerberos is an integral part of Windows Active Directory and is also available on z/OS and Linux systems. With the addition of Kerberos support (via the GSSAPI options) in IBM’s z/OS OpenSSH implementation; single sign-on for SSH connections is achievable by extending an existing Windows Active Directory Domain to include Linux servers and establishing a trust relationship with a z/OS Kerberos realm. In addition to the benefit of providing users the convenience of single sign-on; a Kerberos based implementation can be used to eliminate the Host Keys and SSH user private-public key pairs for all z/OS; Windows and Linux OpenSSH connections within that environment.
The presenters will provide detailed information on how to set up an OpenSSH Single Sign-on environment: • Configuring the z/OS Network Authentication Service
• Establishing Cross-Realm relationships between z/OS; Windows and Linux
• Configuring OpenSSH clients and servers to use GSSAPI authentication and key exchange
-Steve Goetze-Dovetailed Technologies; LLC; Kirk Wolf-Dovetailed Technologies; LLC
Back to Proceedings File Library