From owner-freebsd-hackers Sat Mar 18 1:30: 8 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.1.175]) by hub.freebsd.org (Postfix) with ESMTP id D5DD437B5D4 for ; Sat, 18 Mar 2000 01:29:42 -0800 (PST) (envelope-from sheldonh@axl.ops.uunet.co.za) Received: from sheldonh (helo=axl.ops.uunet.co.za) by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1) id 12WFYC-00009L-00 for freebsd-hackers@FreeBSD.org; Sat, 18 Mar 2000 11:29:40 +0200 From: Sheldon Hearn To: freebsd-hackers@FreeBSD.org Subject: openssh + krb5 Date: Sat, 18 Mar 2000 11:29:40 +0200 Message-ID: <578.953371780@axl.ops.uunet.co.za> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi folks, I'm trying to get openssh and krb5 in the base system to work on 5.0-CURRENT. I have a patch (included below) which get krb5 working and cause openssh to be linked against krb5. However, I now have two problems with openssh. First, sshd doesn't recognize the KerberosAuthentication, KerberosOrLocalPasswd nor KerberosTgtPassing options in sshd_config. Second, when using ssh to connect to a Datafellows sshd1 which _is_ krb5-enabled, ssh doesn't print the "debug: Trying Kerberos V5 authentication." message at all. This message _is_ printed when I try to connect to my own sshd (which exhibits the problem described above), but ssh fails over to RSA authentication immediately afterwards. Any ideas? Ciao, Sheldon. Index: kerberos5/Makefile.inc =================================================================== RCS file: /home/ncvs/src/kerberos5/Makefile.inc,v retrieving revision 1.5 diff -u -d -r1.5 Makefile.inc --- kerberos5/Makefile.inc 2000/03/01 13:50:27 1.5 +++ kerberos5/Makefile.inc 2000/03/16 14:36:53 @@ -14,7 +14,7 @@ CFLAGS+=-Wall -I${INCLUDEDIR} -I${INCLUDEOBJDIR} -DHAVE_CONFIG_H .if defined(MAKE_KERBEROS4) && \ - (${MAKE_KERBEROS4} == "yes" || ${MAKE_KERBEROS4} == "yes") + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") CFLAGS+=-DKRB5_KRB4_COMPAT -DKRB4 .endif Index: kerberos5/lib/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/lib/Makefile,v retrieving revision 1.2 diff -u -d -r1.2 Makefile --- kerberos5/lib/Makefile 2000/03/01 13:50:30 1.2 +++ kerberos5/lib/Makefile 2000/03/16 14:37:34 @@ -1,7 +1,8 @@ # $FreeBSD: src/kerberos5/lib/Makefile,v 1.2 2000/03/01 13:50:30 markm Exp $ SUBDIR= libroken libasn1 libhdb libkrb5 libkadm5clnt libkadm5srv libsl -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") SUBDIR+=libkafs5 .endif .include Index: kerberos5/lib/libkrb5/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/lib/libkrb5/Makefile,v retrieving revision 1.3 diff -u -d -r1.3 Makefile --- kerberos5/lib/libkrb5/Makefile 2000/02/28 19:15:07 1.3 +++ kerberos5/lib/libkrb5/Makefile 2000/03/17 15:00:49 @@ -8,6 +8,10 @@ -I${KRB5DIR}/include \ -I${KRB5OBJDIR} \ -I${ASN1OBJDIR} +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") +CFLAGS+=-I${KRB4DIR}/include +.endif SRCS= add_et_list.c addr_families.c address.c aname_to_localname.c \ asn1_glue.c auth_context.c build_ap_req.c build_auth.c \ cache.c changepw.c codec.c config_file.c config_file_netinfo.c \ @@ -19,7 +23,7 @@ get_in_tkt.c get_in_tkt_pw.c get_in_tkt_with_keytab.c \ get_in_tkt_with_skey.c get_port.c init_creds.c init_creds_pw.c \ keyblock.c keytab.c keytab_file.c keytab_memory.c \ - keytab_krb4.c keytab_keyfile.c krbhst.c kuserok.c log.c \ + keytab_keyfile.c krbhst.c kuserok.c log.c \ mcache.c misc.c mk_error.c mk_priv.c mk_rep.c mk_req.c \ mk_req_ext.c mk_safe.c net_read.c net_write.c n-fold.c \ padata.c principal.c prog_setup.c prompter_posix.c \ @@ -30,9 +34,17 @@ verify_init.c verify_user.c version.c warn.c write_message.c \ krb5_err.c krb5_err.h heim_err.c heim_err.h \ rc4_enc.c rc4_skey.c +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") +SRCS+= keytab_krb4.c +.endif INCLUDES=${KRB5DIR}/lib/krb5/krb5.h ${.CURDIR}/../../include/krb5-types.h \ ${KRB5DIR}/lib/krb5/krb5-protos.h heim_err.h krb5_err.h +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") +INCLUDES+= ${KRB4DIR}/lib/krb/krb.h +.endif .include Index: kerberos5/libexec/hprop/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/libexec/hprop/Makefile,v retrieving revision 1.3 diff -u -d -r1.3 Makefile --- kerberos5/libexec/hprop/Makefile 2000/03/01 13:50:31 1.3 +++ kerberos5/libexec/hprop/Makefile 2000/03/16 15:38:12 @@ -12,7 +12,8 @@ -I${ASN1OBJDIR} \ -I${HDBOBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs -lkdb _krb4deps= ${LIBKRB} ${LIBKAFS} ${LIBKDB} .endif Index: kerberos5/libexec/hpropd/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/libexec/hpropd/Makefile,v retrieving revision 1.3 diff -u -d -r1.3 Makefile --- kerberos5/libexec/hpropd/Makefile 2000/03/01 13:50:32 1.3 +++ kerberos5/libexec/hpropd/Makefile 2000/03/16 15:40:40 @@ -12,7 +12,8 @@ -I${ASN1OBJDIR} \ -I${HDBOBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs -lkdb _krb4deps= ${LIBKRB} ${LIBKAFS} ${LIBKDB} .endif Index: kerberos5/libexec/ipropd-master/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/libexec/ipropd-master/Makefile,v retrieving revision 1.3 diff -u -d -r1.3 Makefile --- kerberos5/libexec/ipropd-master/Makefile 2000/03/01 13:50:33 1.3 +++ kerberos5/libexec/ipropd-master/Makefile 2000/03/16 15:41:55 @@ -12,7 +12,8 @@ -I${ASN1OBJDIR} \ -I${HDBOBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/libexec/ipropd-slave/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/libexec/ipropd-slave/Makefile,v retrieving revision 1.3 diff -u -d -r1.3 Makefile --- kerberos5/libexec/ipropd-slave/Makefile 2000/03/01 13:50:34 1.3 +++ kerberos5/libexec/ipropd-slave/Makefile 2000/03/16 15:40:46 @@ -12,7 +12,8 @@ -I${ASN1OBJDIR} \ -I${HDBOBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/libexec/k5admind/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/libexec/k5admind/Makefile,v retrieving revision 1.4 diff -u -d -r1.4 Makefile --- kerberos5/libexec/k5admind/Makefile 2000/03/01 13:50:35 1.4 +++ kerberos5/libexec/k5admind/Makefile 2000/03/16 15:40:25 @@ -13,7 +13,8 @@ -I${ASN1OBJDIR} \ -I${HDBOBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") SRCS+= version4.c _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} Index: kerberos5/libexec/k5passwdd/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/libexec/k5passwdd/Makefile,v retrieving revision 1.4 diff -u -d -r1.4 Makefile --- kerberos5/libexec/k5passwdd/Makefile 2000/03/01 13:50:36 1.4 +++ kerberos5/libexec/k5passwdd/Makefile 2000/03/16 15:38:26 @@ -11,7 +11,8 @@ -I${ASN1OBJDIR} \ -I${HDBOBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/libexec/kdc/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/libexec/kdc/Makefile,v retrieving revision 1.3 diff -u -d -r1.3 Makefile --- kerberos5/libexec/kdc/Makefile 2000/03/01 13:50:37 1.3 +++ kerberos5/libexec/kdc/Makefile 2000/03/16 15:40:31 @@ -13,7 +13,8 @@ -I${ASN1OBJDIR} \ -I${HDBOBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/usr.bin/k5admin/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/usr.bin/k5admin/Makefile,v retrieving revision 1.4 diff -u -d -r1.4 Makefile --- kerberos5/usr.bin/k5admin/Makefile 2000/03/01 13:50:39 1.4 +++ kerberos5/usr.bin/k5admin/Makefile 2000/03/16 15:37:56 @@ -15,7 +15,8 @@ -I${ASN1OBJDIR} \ -I${HDBOBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/usr.bin/k5destroy/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/usr.bin/k5destroy/Makefile,v retrieving revision 1.4 diff -u -d -r1.4 Makefile --- kerberos5/usr.bin/k5destroy/Makefile 2000/03/01 13:50:43 1.4 +++ kerberos5/usr.bin/k5destroy/Makefile 2000/03/17 09:15:12 @@ -4,12 +4,14 @@ SRCS= kdestroy.c krb5_err.h heim_err.h CFLAGS+= -I${KRB5DIR}/include \ -I${KRB5DIR}/lib/roken \ + -I${KRB5DIR}/lib/kafs \ -I${KRB5DIR}/lib/krb5 \ -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/kuser \ -I${ASN1OBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/usr.bin/k5init/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/usr.bin/k5init/Makefile,v retrieving revision 1.4 diff -u -d -r1.4 Makefile --- kerberos5/usr.bin/k5init/Makefile 2000/03/01 13:50:43 1.4 +++ kerberos5/usr.bin/k5init/Makefile 2000/03/17 11:47:26 @@ -4,12 +4,14 @@ SRCS= kinit.c kinit_options.c asn1_err.h krb5_err.h heim_err.h CFLAGS+= -I${KRB5DIR}/include \ -I${KRB5DIR}/lib/roken \ + -I${KRB5DIR}/lib/kafs \ -I${KRB5DIR}/lib/krb5 \ -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/kuser \ -I${ASN1OBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -L${KAFS5OBJDIR} -lkafs5 -lkrb -lkafs _krb4deps= ${LIBKAFS5} ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/usr.bin/k5list/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/usr.bin/k5list/Makefile,v retrieving revision 1.4 diff -u -d -r1.4 Makefile --- kerberos5/usr.bin/k5list/Makefile 2000/03/01 13:50:45 1.4 +++ kerberos5/usr.bin/k5list/Makefile 2000/03/17 11:49:52 @@ -4,12 +4,14 @@ SRCS= klist.c krb5_err.h heim_err.h CFLAGS+= -I${KRB5DIR}/include \ -I${KRB5DIR}/lib/roken \ + -I${KRB5DIR}/lib/kafs \ -I${KRB5DIR}/lib/krb5 \ -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/kuser \ -I${ASN1OBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/usr.bin/k5passwd/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/usr.bin/k5passwd/Makefile,v retrieving revision 1.4 diff -u -d -r1.4 Makefile --- kerberos5/usr.bin/k5passwd/Makefile 2000/03/01 13:50:46 1.4 +++ kerberos5/usr.bin/k5passwd/Makefile 2000/03/16 15:37:36 @@ -9,7 +9,8 @@ -I${KRB5DIR}/kpasswd \ -I${ASN1OBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/usr.sbin/k5stash/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/usr.sbin/k5stash/Makefile,v retrieving revision 1.4 diff -u -d -r1.4 Makefile --- kerberos5/usr.sbin/k5stash/Makefile 2000/03/01 13:50:47 1.4 +++ kerberos5/usr.sbin/k5stash/Makefile 2000/03/16 15:37:06 @@ -11,7 +11,8 @@ -I${ASN1OBJDIR} \ -I${HDBOBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif Index: kerberos5/usr.sbin/ktutil/Makefile =================================================================== RCS file: /home/ncvs/src/kerberos5/usr.sbin/ktutil/Makefile,v retrieving revision 1.3 diff -u -d -r1.3 Makefile --- kerberos5/usr.sbin/ktutil/Makefile 2000/03/01 13:50:48 1.3 +++ kerberos5/usr.sbin/ktutil/Makefile 2000/03/16 15:36:56 @@ -13,7 +13,8 @@ -I${KRB5DIR}/admin \ -I${ASN1OBJDIR} \ -I${.OBJDIR} -.if defined(MAKE_KERBEROS4) +.if defined(MAKE_KERBEROS4) && \ + (${MAKE_KERBEROS4} == "YES" || ${MAKE_KERBEROS4} == "yes") _krb4libs= -lkrb -lkafs _krb4deps= ${LIBKRB} ${LIBKAFS} .endif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message