Date: Tue, 26 Feb 2008 19:59:51 +0200 From: Stefan Lambrev <stefan.lambrev@moneybookers.com> To: ports@freebsd.org, shaun@FreeBSD.org, mnag@FreeBSD.org Subject: security/heimdal & openssh-portable problems Message-ID: <47C45397.5090104@moneybookers.com>
next in thread | raw e-mail | index | archive | help
Greetings, As described here: http://www.mail-archive.com/freebsd-ports@freebsd.org/msg10808.html upgrading heimdal break kauth (and openssh-portable). If I replace /usr/lib/libasn1.so.8 with /usr/local/lib/libasn1.so.8 ssh partly works, but gssapi-with-mic is still broken and I cannot login anymore. Here is some debug info from ssh -vvvv: debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive This worked with older heimdal without problems: debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentication succeeded (gssapi-with-mic). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 I'm using FreeBSD 7.0-RC1 i386, openssh-gssapi-4.7.p1_1,1 & heimdal-1.0.1 Openssh is compiled with KRB5_HOME=/usr/local/ (but removing it doesn't help except that I can build ssh) Any ideas how to get gssapi-keyex working again ? or should I just downgrade heimdal to 0.7.2_2? Btw it will be nice if the base ssh in FreeBSD 7 works with gssapi-with-mic too :) -- Best Wishes, Stefan Lambrev ICQ# 24134177
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47C45397.5090104>