security/heimdal & openssh-portable problems
Stefan Lambrev
stefan.lambrev at moneybookers.com
Tue Feb 26 18:16:52 UTC 2008
Greetings,
As described here:
http://www.mail-archive.com/freebsd-ports@freebsd.org/msg10808.html
upgrading heimdal break kauth (and openssh-portable).
If I replace /usr/lib/libasn1.so.8 with /usr/local/lib/libasn1.so.8 ssh
partly works,
but gssapi-with-mic is still broken and I cannot login anymore.
Here is some debug info from ssh -vvvv:
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
This worked with older heimdal without problems:
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentication succeeded (gssapi-with-mic).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
I'm using FreeBSD 7.0-RC1 i386, openssh-gssapi-4.7.p1_1,1 & heimdal-1.0.1
Openssh is compiled with KRB5_HOME=/usr/local/ (but removing it doesn't
help except that I can build ssh)
Any ideas how to get gssapi-keyex working again ? or should I just
downgrade heimdal to 0.7.2_2?
Btw it will be nice if the base ssh in FreeBSD 7 works with
gssapi-with-mic too :)
--
Best Wishes,
Stefan Lambrev
ICQ# 24134177
More information about the freebsd-ports
mailing list