From owner-freebsd-hackers@FreeBSD.ORG Tue Jun 20 02:58:42 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5560816A479 for ; Tue, 20 Jun 2006 02:58:42 +0000 (UTC) (envelope-from mnorwick@centurytel.net) Received: from msa1-mx.centurytel.net (msa1-mx.centurytel.net [209.142.136.125]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECFAD43D68 for ; Tue, 20 Jun 2006 02:58:40 +0000 (GMT) (envelope-from mnorwick@centurytel.net) Received: from [192.168.1.15] (207-118-221-229.dyn.centurytel.net [207.118.221.229]) by msa1-mx.centurytel.net (8.13.6/8.13.6) with ESMTP id k5K2wctS031536 for ; Mon, 19 Jun 2006 21:58:38 -0500 Message-ID: <4497647A.8080909@centurytel.net> Date: Mon, 19 Jun 2006 21:59:06 -0500 From: "Michael D. Norwick" User-Agent: Debian Thunderbird 1.0.2 (X11/20060423) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-hackers@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Tue, 20 Jun 2006 11:47:29 +0000 Subject: MIT kerberos and ssh X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jun 2006 02:58:42 -0000 I didn't get any replies on freebsd-questions for this one maybe someone here could help? ------------------------------------------------------------------- I have been trying to get a working MIT Kerberos KDC on a server running 6.1-Release. I have been able to keep the heimdal version from being built during several past 'make worlds' and I have compiled and installed MIT krb5 from /usr/ports (current per portmanager). I have been getting an error tryiing to start sshd (also built from /usr/ports), it complains about not finding 'libkrb5.so.8' then exits. I have been able to start the KDC but have not gotten much further as I would like to fix the ssh problem first. My questions are as follows: 1. Is libkrb5.so.8 a heimdal library? 2. Which source directories are the correct ones to use, /usr/src/kerberos - /usr/src/secure, or /usr/ports/security/krb5 - /usr/ports/security/openssh? 3. Why are there two different directories i.e; /usr/src and /usr/ports for the same source? 4. How do I get 'kerberized' ssh and give configure directives to the krb5 make to include GSSAPI support? 5. Is there a certain build order for MIT kerberos and openssh? I have read both the Handbook and the 'Complete' book on this subject and have not been able to glean enough information to get me going, Google didn't help much either. I have 6 Debian clients, 2 WinXP clients, and 1 Debian KDC slave and wanted this machine to be an MIT-KDC master and yet avoid the apparent 'kadmin' server incompatibility between Heimdal and MIT Kerberos (which all the Debian clients run). I am also very comfortable with the MIT version. Any words of wisdom would be greatly appreciated. Michael