Re: Kerberos support

From: Dan Riley <dsr@mail.lns.cornell.edu>
Date: 05 May 2002 12:33:55 -0400


"Phil Camus" <philippe.camus@in-fusio.com> writes:
> I have my Solaris 5.8 systems running SSH-3.1.0. I've decided to install
> Kerberos 5-1.0.6.

1.0.6 is *old*, and has many known problems. A newer version is
*highly* recommended. Since you appear to be outside the US, get the
current version from

    http://www.crypto-publish.org/mit-kerberos5/

That distribution is believed to be legal (by US laws) since the ITAR
was relaxed for open source crypto packages, but MIT's lawyers are
being very conservative about letting MIT publish that way--hence the
alternate source.

> checking for krb5_decrypt in -lk5crypto... (cached) no

Sometime well after 1.0.6, the kerberos crypto library was changed
from libcrypto to libk5crypto to avoid conflicts with OpenSSL--so
configure is looking for the library under the wrong name for the
version of Kerberos you have installed.

> The krb5 directory includes the lib and include directories, and the
> binaries. I've looked for a while on the internet, but I couldn't find
> anything. Any help would be welcome!

Install a newer version of kerberos 5. If you are installing OpenSSH,
apply Simon Wilkinson's Kerberos/GSSAPI OpenSSH patches from

    http://www.sxw.org.uk/computing/patches/openssh.html

Those patches add support for MIT krb5 and for GSSAPI authentication
with the version 2 protocol--without them, you only get krb5
authentication with the version 1 protocol, and it only works with
Heimdal.

I have no idea about Kerberos support in the commercial SSH.

-- 
"The mere tendency of speech to encourage unlawful acts is not a
sufficient reason for banning it. [...]  The right to think is the
beginning of freedom, and speech must be protected from the government
because speech is the beginning of thought."  --Anthony Kennedy
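
Added example, not part of the original message: a shell check for the library-name mismatch described in the reply, reporting whether a Kerberos 5 tree ships its crypto library under the old name (libcrypto) or the name configure tests for (libk5crypto). The PREFIX/lib layout, the function names and the sample file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report which crypto library name a Kerberos 5 install uses.
# Assumption: libraries live in PREFIX/lib (the poster's krb5 directory has a lib dir).

# Succeeds if PREFIX/lib holds a static or shared library called lib<name>.
has_lib() {
    for f in "$1"/lib/lib"$2".a "$1"/lib/lib"$2".so "$1"/lib/lib"$2".so.*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Prints one of: k5crypto, old-libcrypto, both, none, no-libdir
krb5_crypto_name() {
    prefix=$1
    [ -d "$prefix/lib" ] || { echo no-libdir; return 1; }
    new=no; old=no
    has_lib "$prefix" k5crypto && new=yes
    has_lib "$prefix" crypto && old=yes
    case "$new/$old" in
        yes/no)  echo k5crypto ;;       # name that configure's -lk5crypto test expects
        no/yes)  echo old-libcrypto ;;  # old naming: the -lk5crypto test answers "no"
        yes/yes) echo both ;;           # e.g. an old library left beside a newer install
        *)       echo none ;;
    esac
}

# Constructed demo: empty files standing in for the two install layouts.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/old/lib" "$tmp/new/lib"
    : > "$tmp/old/lib/libcrypto.a"        # constructed file name
    : > "$tmp/new/lib/libk5crypto.so.3"   # constructed file name
    echo "old tree: $(krb5_crypto_name "$tmp/old")"
    echo "new tree: $(krb5_crypto_name "$tmp/new")"
    rm -rf "$tmp"
}

demo
```

The check goes by file name only, so a libcrypto found under a prefix shared with OpenSSL says nothing about Kerberos; point it at a prefix that holds only the Kerberos install.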
