From: John Marshall
Date: Sat, 22 Aug 2009 10:12:50 +1000
To: Matthias Andree
Cc: freebsd-ports@freebsd.org
Subject: Re: OpenSSH 5.2p1 with GSSAPI Authentication

On Fri, 21 Aug 2009, 11:52 +0200, Matthias Andree wrote:
> On 21.08.2009, 09:01, John Marshall wrote:
>
> >Does *anybody* have this working?
> >
> >I've been using SSH with GSSAPI authentication for a couple of years but
> >found it no longer worked with sshd on an FreeBSD 8.0-BETA.  FreeBSD
> >8.0-BETA has OpenSSH 5.2p1 included in the base system.  I have tried
> >installing the OpenSSH 5.2p1 port (security/openssh-portable) on FreeBSD
> >7.2 servers and I can't get that to work either.  sshd from the OpenSSH
> >5.1p1 included in the 7.n base system works fine.
> >
> >The only common denominator in all of my testing has been OpenSSH 5.2p1.
> >The debug logging from sshd shows that the gssapi library returns an
> >authentication failure; but gssapi authentication for squid and ldap
> >work fine on the same box (both 7.2 and 8.0).
> >
> >I'm stuck.  The OpenSSH folks say that nothing has changed that would
> >break gssapi authentication.
> >
> >Does *anybody* have this working?
>
> How does this relate to your post on -CURRENT where you suggest upgrading
> Heimdal for 8.0 from 1.1.0 to 1.2.1 (you wrote that you needed that for
> OpenLDAP)? Have you built OpenSSH against Heimdal 1.2.1 or against 1.1.0?

It doesn't.  The version of Heimdal seems not to make any difference.
I can't get joy with any of these combinations:

    sshd          Heimdal        FreeBSD
    ----          -------        -------
    base 5.2p1    base 1.1.0     8.0-BETA2
    port 5.2p1    port 1.2.1%    8.0-BETA2
    port 5.2p1    port 1.0.1     7.2-RELEASE
    port 5.2p1    port 1.2.1%    7.2-RELEASE

    [% = 1.0.1 heimdal port hacked to install 1.2.1]

Hmmm.  While validating the table above, I tried something I hadn't
tried before.  This works:

    port 5.2p1    base 0.6.3     7.2-RELEASE

I just tried a 'make configure' on security/openssh-portable on 8.0, to
start digging into the configure log, and discover that the port is now
marked as 'broken' for 8.0.  I'll spend a while on the ssh port on 7.2
and see if I can discover any clues.

-- 
John Marshall