AIX 4.3-to-5.2 breaks OpenSSH_3.8p1 gssapi

From: Tom Simons (tom.simons_at_gmail.com)
Date: 05/10/05

  • Next message: Abraham, Suraj: "Weird results"
    Date: Mon, 9 May 2005 16:24:50 -0700
    To: secureshell@securityfocus.com
    
    

    On our current AIX 4.3 clients, kinit-ssh command sequences provide
    logins without passwords. The identical OpenSSH_3.8p1 client fails
    under AIX 5.2 with error "Cannot resolve network address for KDC in
    requested realm".

    Has anyone seen this? This is not an /etc/krb5.conf issue - klist
    shows a good ticket, so the kinit command found the appropriate kdc,
    but ssh-gssapi can't

    > ssh -V
    OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
    > ssh -vvv . . .
     . . .
    debug3: authmethod_lookup gssapi-with-mic
    debug3: remaining preferred: hostbased,publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug2: we sent a gssapi-with-mic packet, wait for reply
    debug1: Delegating credentials
    debug1: Miscellaneous failure
    Cannot resolve network address for KDC in requested realm
     .


  • Next message: Abraham, Suraj: "Weird results"