Date: Sat, 22 Aug 2009 10:12:50 +1000 From: John Marshall <john.marshall@riverwillow.com.au> To: Matthias Andree <matthias.andree@gmx.de> Cc: freebsd-ports@freebsd.org Subject: Re: OpenSSH 5.2p1 with GSSAPI Authentication Message-ID: <20090822001250.GK2675@rwpc12.mby.riverwillow.net.au> In-Reply-To: <op.uy0a121k1e62zd@balu.cs.uni-paderborn.de> References: <20090821070126.GJ2675@rwpc12.mby.riverwillow.net.au> <op.uy0a121k1e62zd@balu.cs.uni-paderborn.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--M5PHxtWZRXQUdpfa Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, 21 Aug 2009, 11:52 +0200, Matthias Andree wrote: > Am 21.08.2009, 09:01 Uhr, schrieb John Marshall =20 > <john.marshall@riverwillow.com.au>: >=20 > >Does *anybody* have this working? > > > >I've been using SSH with GSSAPI authentication for a couple of years but > >found it no longer worked with sshd on an FreeBSD 8.0-BETA. FreeBSD > >8.0-BETA has OpenSSH 5.2p1 included in the base system. I have tried > >installing the OpenSSH 5.2p1 port (security/openssh-portable) on FreeBSD > >7.2 servers and I can't get that to work either. sshd from the OpenSSH > >5.1p1 included in the 7.n base system works fine. > > > >The only common denominator in all of my testing has been OpenSSH 5.2p1. > >The debug logging from sshd shows that the gssapi library returns an > >authentication failure; but gssapi authentication for squid and ldap > >work fine on the same box (both 7.2 and 8.0). > > > >I'm stuck. The OpenSSH folks say that nothing has changed that would > >break gssapi authentication. > > > >Does *anybody* have this working? >=20 > How does this relate to your post on -CURRENT where you suggest upgrade = =20 > Heimdal for 8.0 from 1.1.0 to 1.2.1 (you wrote that you needed that for = =20 > OpenLDAP)? Have you built OpenSSH against Heimdal 1.2.1 or against 1.1.0? It doesn't. The version of Heimdal seems not to make any difference. I can't get joy with any of these combinations: sshd Heimdal FreeBSD ---- ------- ------- base 5.2p1 base 1.1.0 8.0-BETA2 port 5.2p1 port 1.2.1% 8.0-BETA2 port 5.2p1 port 1.0.1 7.2-RELEASE port 5.2p1 port 1.2.1% 7.2-RELEASE [% =3D 1.0.1 heimdal port hacked to install 1.2.1] Hmmm. While validating the table above, I tried something I hadn't tried before. This works: port 5.2p1 base 0.6.3 7.2-RELEASE I just tried a 'make configure' on security/openssh-portable on 8.0, to start digging into the configure log, and discover that the port is now marked as 'broken' for 8.0. I'll spend a while on the ssh port on 7.2 and see if I can discover any clues. --=20 John Marshall --M5PHxtWZRXQUdpfa Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAkqPOAIACgkQw/tAaKKahKJMLwCgzEEx7sH7QtbMUk0G2DiwMZ9O wn4An3bDYMSHODrbf/WGb5rp3hxL88R1 =U9s9 -----END PGP SIGNATURE----- --M5PHxtWZRXQUdpfa--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090822001250.GK2675>