OpenSSH 5.2p1 with GSSAPI Authentication

John Marshall john.marshall at riverwillow.com.au
Sat Aug 22 04:59:56 UTC 2009


On Sat, 22 Aug 2009, 10:12 +1000, John Marshall wrote:
> I just tried a 'make configure' on security/openssh-portable on 8.0, to
> start digging into the configure log, and discover that the port is now
> marked as 'broken' for 8.0.  I'll spend a while on the ssh port on 7.2
> and see if I can discover any clues.

I found a few instances of things like the following in config.log...

  --------------
  /usr/bin/ld: warning: libkrb5.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libkrb5.so.25
  /usr/bin/ld: warning: libroken.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libroken.so.19
  /usr/bin/ld: warning: libasn1.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libasn1.so.8
  --------------

...and noted that the quoted ./configure command line at the top of the
log included "--with-kerberos5=" (no value).  I provided an explicit
"KRB5_HOME=/usr/local" to make which resolved those warnings - but still
results in an sshd which will not work with gssapi.

The only build of sshd 5.2p1 which works (for me) with gssapi is a build
on FreeBSD 7.2 against the base Heimdal (0.6.3).  Note that the only way
I found to achieve that was to remove the Heimdal port first, to prevent
the OpenSSH build finding Heimdal port libraries in /usr/local.
Specifying "KRB5_HOME=/usr" was not sufficient to prevent the build
searching /usr/local first.

Perhaps there is more tweaking necessary to get OpenSSH to be happy with
Heimdal > 0.6.3?

Note that in all cases the OpenSSH 5.2p1 client (/usr/local/bin/ssh)
authenticates successfully via gssapi to existing sshd servers.  It's
just the /usr/local/sbin/sshd linked with newer Heimdal libraries that
doesn't seem to want to play.

-- 
John Marshall
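
The check described in the message above, as an added example that is not part of the original post: it summarises "may conflict with" linker warnings from config.log and flags a binary whose ldd listing loads two versions of one library. The function names are hypothetical and the ldd-style listing is constructed sample input.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# ld warnings on stdin -> "<lib> <needed-ver> <conflicting-ver> <needed-by>"
ld_conflicts() {
    awk '/warning: .*, needed by .*, may conflict with / {
        needed = by = other = ""
        for (i = 1; i < NF; i++) {
            if ($i == "warning:") needed = $(i + 1)
            if ($i == "by")       by = $(i + 1)
            if ($i == "with")     other = $(i + 1)
        }
        sub(/,$/, "", needed); sub(/,$/, "", by)
        base = needed; sub(/\.so\..*$/, "", base)   # libkrb5.so.9 -> libkrb5
        v1 = needed;   sub(/^.*\.so\./, "", v1)     # libkrb5.so.9 -> 9
        v2 = other;    sub(/^.*\.so\./, "", v2)
        print base, v1, v2, by
    }'
}

# ldd output on stdin -> "<lib> <ver>,<ver>" for each library present twice
mixed_sonames() {
    awk '$2 == "=>" && $1 ~ /\.so\.[0-9]+$/ {
        base = $1; sub(/\.so\.[0-9]+$/, "", base)
        ver = $1;  sub(/^.*\.so\./, "", ver)
        if ((base, ver) in seen) next
        seen[base, ver] = 1
        if (count[base]++) vers[base] = vers[base] "," ver
        else vers[base] = ver
    }
    END { for (b in count) if (count[b] > 1) print b, vers[b] }' | sort
}

# The three warnings quoted in the message.
sample_ld_log() {
    cat <<'EOF'
/usr/bin/ld: warning: libkrb5.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libkrb5.so.25
/usr/bin/ld: warning: libroken.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libroken.so.19
/usr/bin/ld: warning: libasn1.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libasn1.so.8
EOF
}

# Constructed ldd-style listing (paths and addresses are sample values).
sample_ldd() {
    printf '\t%s\n' 'libkrb5.so.9 => /usr/lib/libkrb5.so.9 (0x28100000)' \
        'libkrb5.so.25 => /usr/local/lib/libkrb5.so.25 (0x28200000)' \
        'libc.so.7 => /lib/libc.so.7 (0x28300000)'
}

sample_ld_log | ld_conflicts
sample_ldd | mixed_sonames
```

Against a real build, feed config.log to ld_conflicts and the output of ldd /usr/local/sbin/sshd to mixed_sonames; any line printed by the second means the daemon would load base and port Kerberos libraries side by side.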