gssapi-with-mic and krb5 MIT problems

• Previous message: Darren Tucker: "Re: ssh processes lingering after scp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 07 Oct 2004 23:02:16 +0200
To: secureshell@securityfocus.com

Hi,

I have a MIT KDC(running 1.3) and I'm trying to get openssl with gssapi working. It used to work for us very well under earlier version of openssh but now it fails. And I'm realy not sure why.

I've tried to compile openssh with Heimdal but that failed completely with the error:

Oct 7 22:28:48 srv1 sshd[37521]: fatal: Couldn't convert client name

Tried to compile with OpenSSH 3.8 with the Dia

Below is part of a logfile which is a server running OpenSSH 3.9p1 compiled with the krb5 libs from MIT version 1.3.4

Client side:

debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey

Server side:

Oct 7 22:37:47 srv1 sshd[50072]: debug3: Trying to reverse map address a.b.c.d.
Oct 7 22:37:47 srv1 sshd[50072]: debug1: userauth-request for user brendan service ssh-connection method none
Oct 7 22:37:47 srv1 sshd[50072]: debug1: attempt 0 failures 0
Oct 7 22:37:47 srv1 sshd[50072]: debug2: input_userauth_request: setting up authctxt for brendan
Oct 7 22:37:47 srv1 sshd[50072]: debug2: input_userauth_request: try method none
Oct 7 22:37:47 srv1 sshd[50072]: Failed none for brendan from a.b.c.d port 2786 ssh2
Oct 7 22:37:47 srv1 sshd[50072]: debug1: userauth-request for user brendan service ssh-connection method gssapi-with-mic
Oct 7 22:37:47 srv1 sshd[50072]: debug1: attempt 1 failures 1
Oct 7 22:37:47 srv1 sshd[50072]: debug2: input_userauth_request: try method gssapi-with-mic
Oct 7 22:37:47 srv1 sshd[50072]: debug1: \n\n
Oct 7 22:37:47 srv1 sshd[50072]: Failed gssapi-with-mic for brendan from a.b.c.d port 2786 ssh2
Oct 7 22:37:47 srv1 sshd[50072]: debug1: userauth-request for user brendan service ssh-connection method keyboard-interactive
Oct 7 22:37:47 srv1 sshd[50072]: debug1: attempt 2 failures 2

openssh is complied with :

./configure --prefix=/usr/local/openssh --with-md5-passwords --with-pam --with-tcp-wrappers --disable-suid-ssh --with-kerberos5=/usr/local/krb5 --sysconfdir=/usr/local/openssh/etc/ssh --with-privsep-path=/var/empty --without-rpath --with-ssl-dir=/usr --prefix=/usr/local/openssh i386-portbld-freebsd4.10

Can someone give me some advice how to make openssh/gssapi and MIT krb5 working again?

Many thanks,

 - Brendan

• Previous message: Darren Tucker: "Re: ssh processes lingering after scp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]