OpenSSH 5.2p1 with GSSAPI Authentication
John Marshall
john.marshall at riverwillow.com.au
Sat Aug 22 00:13:04 UTC 2009
On Fri, 21 Aug 2009, 11:52 +0200, Matthias Andree wrote:
> Am 21.08.2009, 09:01 Uhr, schrieb John Marshall
> <john.marshall at riverwillow.com.au>:
>
> >Does *anybody* have this working?
> >
> >I've been using SSH with GSSAPI authentication for a couple of years but
> >found it no longer worked with sshd on an FreeBSD 8.0-BETA. FreeBSD
> >8.0-BETA has OpenSSH 5.2p1 included in the base system. I have tried
> >installing the OpenSSH 5.2p1 port (security/openssh-portable) on FreeBSD
> >7.2 servers and I can't get that to work either. sshd from the OpenSSH
> >5.1p1 included in the 7.n base system works fine.
> >
> >The only common denominator in all of my testing has been OpenSSH 5.2p1.
> >The debug logging from sshd shows that the gssapi library returns an
> >authentication failure; but gssapi authentication for squid and ldap
> >work fine on the same box (both 7.2 and 8.0).
> >
> >I'm stuck. The OpenSSH folks say that nothing has changed that would
> >break gssapi authentication.
> >
> >Does *anybody* have this working?
>
> How does this relate to your post on -CURRENT where you suggest upgrade
> Heimdal for 8.0 from 1.1.0 to 1.2.1 (you wrote that you needed that for
> OpenLDAP)? Have you built OpenSSH against Heimdal 1.2.1 or against 1.1.0?
It doesn't. The version of Heimdal seems not to make any difference. I
can't get joy with any of these combinations:
sshd Heimdal FreeBSD
---- ------- -------
base 5.2p1 base 1.1.0 8.0-BETA2
port 5.2p1 port 1.2.1% 8.0-BETA2
port 5.2p1 port 1.0.1 7.2-RELEASE
port 5.2p1 port 1.2.1% 7.2-RELEASE
[% = 1.0.1 heimdal port hacked to install 1.2.1]
Hmmm. While validating the table above, I tried something I hadn't
tried before. This works:
port 5.2p1 base 0.6.3 7.2-RELEASE
I just tried a 'make configure' on security/openssh-portable on 8.0, to
start digging into the configure log, and discover that the port is now
marked as 'broken' for 8.0. I'll spend a while on the ssh port on 7.2
and see if I can discover any clues.
--
John Marshall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20090822/68e777f0/attachment.pgp
More information about the freebsd-ports
mailing list