From owner-freebsd-ports@FreeBSD.ORG Fri Aug 21 09:52:45 2009 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2D83E106568C for ; Fri, 21 Aug 2009 09:52:45 +0000 (UTC) (envelope-from matthias.andree@gmx.de) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.freebsd.org (Postfix) with SMTP id 736898FC55 for ; Fri, 21 Aug 2009 09:52:43 +0000 (UTC) Received: (qmail invoked by alias); 21 Aug 2009 09:52:43 -0000 Received: from balu.cs.uni-paderborn.de (EHLO balu.cs.uni-paderborn.de) [131.234.21.37] by mail.gmx.net (mp027) with SMTP; 21 Aug 2009 11:52:43 +0200 X-Authenticated: #428038 X-Provags-ID: V01U2FsdGVkX18NpbFghs0NYclkCJWv+8irfcsSzKDzN8EvjKl8lM U240QQoVagn3rp Received: from localhost ([127.0.0.1] helo=balu.cs.uni-paderborn.de) by balu.cs.uni-paderborn.de with esmtp (Exim 4.69) (envelope-from ) id KOQ0RS-0004C0-N0; Fri, 21 Aug 2009 11:52:40 +0200 Date: Fri, 21 Aug 2009 11:52:40 +0200 To: "John Marshall" , freebsd-ports@freebsd.org From: "Matthias Andree" Content-Type: text/plain; format=flowed; delsp=yes; charset=iso-8859-15 MIME-Version: 1.0 References: <20090821070126.GJ2675@rwpc12.mby.riverwillow.net.au> Content-Transfer-Encoding: 7bit Organization: Message-ID: In-Reply-To: <20090821070126.GJ2675@rwpc12.mby.riverwillow.net.au> User-Agent: Opera Mail/9.64 (Win32) X-Y-GMX-Trusted: 0 X-FuHaFi: 0.57 Cc: Subject: Re: OpenSSH 5.2p1 with GSSAPI Authentication X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Aug 2009 09:52:45 -0000 Am 21.08.2009, 09:01 Uhr, schrieb John Marshall : > Does *anybody* have this working? > > I've been using SSH with GSSAPI authentication for a couple of years but > found it no longer worked with sshd on an FreeBSD 8.0-BETA. FreeBSD > 8.0-BETA has OpenSSH 5.2p1 included in the base system. I have tried > installing the OpenSSH 5.2p1 port (security/openssh-portable) on FreeBSD > 7.2 servers and I can't get that to work either. sshd from the OpenSSH > 5.1p1 included in the 7.n base system works fine. > > The only common denominator in all of my testing has been OpenSSH 5.2p1. > The debug logging from sshd shows that the gssapi library returns an > authentication failure; but gssapi authentication for squid and ldap > work fine on the same box (both 7.2 and 8.0). > > I'm stuck. The OpenSSH folks say that nothing has changed that would > break gssapi authentication. > > Does *anybody* have this working? How does this relate to your post on -CURRENT where you suggest upgrade Heimdal for 8.0 from 1.1.0 to 1.2.1 (you wrote that you needed that for OpenLDAP)? Have you built OpenSSH against Heimdal 1.2.1 or against 1.1.0? -- Matthias Andree