In addition to the main PuTTy client (putty.exe), Centrify has modified the standard versions of the pscp.exe, psftp.exe, and plink.exe programs to support Kerberos authentication.
The modified pscp.exe program supports the following command formats:
pscp [options] [user@]host:source target pscp [options] source [source...] [user@]host:target pscp [options] -ls [user@]host:filespec
The modified psftp.exe program supports the following command formats:
psftp [options] [user@]host
The modified plink.exe program supports the following command formats:
plink [options] [user@]host [command]
Many of the PuTTY settings can be provided as options to the command line tools. You can also save command line settings into sessions and load them when executing commands using the –load option. If the settings in a saved session conflict with those specified when invoking the command, the specified options take precedence.
In addition to the standard PuTTY command line options, Centrify PuTTY provides the following options:
| Option | Description |
|
-k |
Use Kerberos authentication and provide a UNIX user account name during login. This option is equivalent to selecting Attempt Kerberos auth (SSH-2) and None for the Auto-login username in the Centrify PuTTY Kerberos configuration page. |
|
-K |
Use Kerberos authentication and do auto login. This option is equivalent to selecting both Attempt Kerberos auth (SSH-2) and the User principal name (requires DirectControl) for the Auto-login username in the Centrify PuTTY Kerberos configuration page. |
|
-spn |
Specify the service principal name (SPN) of the target computer. This option takes effect only when the –k or –K option is used. This option is equivalent to specifying the computer’s service principal name for the Service principal name in the Centrify PuTTY Kerberos configuration page. |
The other Kerberos settings—such as Create forwardable tickets and Find machine from trusted domains—are not exposed as options to the pscp.exe, psftp.exe and plink.exe programs. You can configure these settings using the Centrify PuTTY client user interface, save them in a session, then load the session using the –load option.
The following example illustrates how to use Centrify PuTTY command line options to facilitate administrative tasks. In this example, the pscp.exe program is used to retrieve the file /etc/group from a remote Linux computer named RedHatLinux with the current user’s login name and Kerberos credentials for authentication on the remote computer:
pscp –K RedHatLinux:/etc/group c:\temp
Because this command uses the -K option, you don’t need to specify a user name in the command line or be prompted for password during runtime. Therefore, the command can be embedded in a batch file for administrative use. However, this command would require the remote RedHatLinux computer to have the Centrify Agent installed and be joined to an Active Directory domain.
Doc Feedback