AIX 4.3-to-5.2 breaks OpenSSH_3.8p1 gssapi

From: Tom Simons (tom.simons_at_gmail.com)
Date: 05/10/05

Next message: Abraham, Suraj: "Weird results"

Previous message: Hicks,Rodger: "Can't scp from HPUX to AIX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 9 May 2005 16:24:50 -0700
To: secureshell@securityfocus.com

On our current AIX 4.3 clients, kinit-ssh command sequences provide
logins without passwords. The identical OpenSSH_3.8p1 client fails
under AIX 5.2 with error "Cannot resolve network address for KDC in
requested realm".

Has anyone seen this? This is not an /etc/krb5.conf issue - klist
shows a good ticket, so the kinit command found the appropriate kdc,
but ssh-gssapi can't

> ssh -V
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
> ssh -vvv . . .
. . .
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: hostbased,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Delegating credentials
debug1: Miscellaneous failure
Cannot resolve network address for KDC in requested realm
.

Next message: Abraham, Suraj: "Weird results"

Previous message: Hicks,Rodger: "Can't scp from HPUX to AIX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]