Date: Sat, 22 Aug 2009 14:59:48 +1000
From: John Marshall <john.marshall@riverwillow.com.au>
To: freebsd-ports@freebsd.org
Cc: Matthias Andree <matthias.andree@gmx.de>
Subject: Re: OpenSSH 5.2p1 with GSSAPI Authentication
Message-ID: <20090822045948.GL2675@rwpc12.mby.riverwillow.net.au>
In-Reply-To: <20090822001250.GK2675@rwpc12.mby.riverwillow.net.au>
References: <20090821070126.GJ2675@rwpc12.mby.riverwillow.net.au> <op.uy0a121k1e62zd@balu.cs.uni-paderborn.de> <20090822001250.GK2675@rwpc12.mby.riverwillow.net.au>

On Sat, 22 Aug 2009, 10:12 +1000, John Marshall wrote:
> I just tried a 'make configure' on security/openssh-portable on 8.0, to
> start digging into the configure log, and discover that the port is now
> marked as 'broken' for 8.0. I'll spend a while on the ssh port on 7.2
> and see if I can discover any clues.

I found a few instances of things like the following in config.log...

--------------
/usr/bin/ld: warning: libkrb5.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libkrb5.so.25
/usr/bin/ld: warning: libroken.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libroken.so.19
/usr/bin/ld: warning: libasn1.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libasn1.so.8
--------------

...and noted that the quoted ./configure command line at the top of the
log included "--with-kerberos5=" (no value). I provided an explicit
"KRB5_HOME=/usr/local" to make which resolved those warnings - but still
results in an sshd which will not work with gssapi.

The only build of sshd 5.2p1 which works (for me) with gssapi is a build
on FreeBSD 7.2 against the base Heimdal (0.6.3). Note that the only way
I found to achieve that was to remove the Heimdal port first, to prevent
the OpenSSH build finding Heimdal port libraries in /usr/local.
Specifying "KRB5_HOME=/usr" was not sufficient to prevent the build
searching /usr/local first.

Perhaps there is more tweaking necessary to get OpenSSH to be happy with
Heimdal > 0.6.3?

Note that in all cases the OpenSSH 5.2p1 client (/usr/local/bin/ssh)
authenticates successfully via gssapi to existing sshd servers. It's
just the /usr/local/sbin/sshd linked with newer Heimdal libraries that
doesn't seem to want to play.

-- 
John Marshall
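
An added example, not part of the original message or of the OpenSSH port: a small shell helper that collects the ld "may conflict with" warnings quoted above from a config.log, so that a link mixing two sonames of the same Kerberos library is visible at a glance. The function names and the `configure:` lines in the sample are constructed for illustration; the three warning lines are the ones quoted in the message.

```shell
#!/bin/sh
# Added example: summarise ld "may conflict with" warnings from config.log.
# Output, one line per distinct warning, tab-separated:
#   <soname needed indirectly> <library needing it> <soname already linked> <count>

ld_conflicts() {    # hypothetical helper; reads the named files, or stdin
    awk '
    /ld: warning: .*, needed by .*, may conflict with / {
        msg = $0
        sub(/^.*ld: warning: /, "", msg)
        if (split(msg, f, /, needed by |, may conflict with /) != 3) next
        key = f[1] "\t" f[2] "\t" f[3]
        if (!(key in count)) order[++n] = key   # keep first-seen order
        count[key]++                            # configure repeats warnings
    }
    END {
        for (i = 1; i <= n; i++) print order[i] "\t" count[order[i]]
    }' "$@"
}

# Constructed sample: the warnings from the message, with made-up
# "configure:" lines around them and one warning repeated.
sample_config_log() {
    cat <<'EOF'
configure:5012: checking for gss_init_sec_context in -lgssapi_krb5
/usr/bin/ld: warning: libkrb5.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libkrb5.so.25
/usr/bin/ld: warning: libroken.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libroken.so.19
/usr/bin/ld: warning: libasn1.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libasn1.so.8
configure:5040: result: yes
/usr/bin/ld: warning: libkrb5.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libkrb5.so.25
EOF
}

# With arguments, scan those files; without, run on the constructed sample.
if [ "$#" -gt 0 ]; then
    ld_conflicts "$@"
else
    sample_config_log | ld_conflicts
fi
```

Any output line means the configure test linked two versions of one library into the same link; an empty result means no such warning was logged.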