ADDENDUM: Portable OpenSSH and GSSAPI

David Komanek xdavid at lib-eth.natur.cuni.cz
Tue Jan 27 02:18:05 EST 2004



Dear developers,

I have some additional info to add to my previous post. I just erased all
the krb5 data and set it up from scratch. Now the message in the sshd debug
output has changed to:

debug1:  Miscellaneous failure (see text)
Decrypt integrity check failed
debug1: Got no client credentials
Failed gssapi-with-mic for komanek ....

So it seems the problem is somewhere in Kerberos, not in OpenSSH. Is
there anybody on the list who can confirm this?

Thanks in advance,

  David Komanek


original post follows:

Dear developers,

I am already playing with openssh + heimdal krb5 + gssapi on Tru64Unix
5.1a and Irix 6.5.20, but without much success. The worst problem I
experience is the following:

- gethostbyname on tru64unix returns the short host name instead of the
FQDN. But even if I overcome this problem by appending the domain name to
the lname variable in the gss-genr.c file, gss-api does not work well. If
the hostname is in FQDN format and is accepted by gssapi and I run the
daemon on tru64unix as

./sshd -p 2222 -d -d -d

I get the following:

debug2: input_userauth_request: try method gssapi-with-mic
debug3:  entering: type 37
debug3:  entering: type 38
debug3:  entering
debug3: : checking request 37
debug3:  entering: type 38
debug3:  entering
Postponed gssapi-with-mic for komanek from xxx.xxx.xxx.xxx port 57083 ssh2

Where should I search for the problem - in OpenSSH code or in Heimdal
code? What does this "postpone" actually mean?

It seems very strange to me, because if the sshd server is running on
a platform other than tru64unix, it works. I already "upgraded" to the
latest snapshots of both openssh and heimdal with no progress in this.

Thanks in advance.

Sincerely,

  David Komanek
  Charles University in Prague
  Czech Republic
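
Added example (not part of the original post, and not OpenSSH or Heimdal code): a small C diagnostic for the short-hostname issue described above. It compares what gethostname() returns with the resolver's canonical name and forms a host-based service name from whichever is fully qualified. The "host@" prefix and the function names is_fqdn and service_name are assumptions of this example.

```c
/* Added example: hostname check for GSSAPI host-based service names. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>

/* Fully qualified here means: contains a dot that is neither first nor last. */
int is_fqdn(const char *name)
{
    const char *dot = strchr(name, '.');
    return dot != NULL && dot != name && dot[1] != '\0';
}

/* Write "host@<fqdn>" to out, using canon when local is a short name.
 * Returns 0 on success, -1 if no FQDN is available or out is too small.
 * The "host@" service prefix is an assumption of this example. */
int service_name(const char *local, const char *canon, char *out, size_t outlen)
{
    const char *pick = is_fqdn(local) ? local : canon;
    int n;
    if (pick == NULL || !is_fqdn(pick))
        return -1;
    n = snprintf(out, outlen, "host@%s", pick);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char local[256], out[300];
    struct addrinfo hints, *res = NULL;
    const char *canon = NULL;
    if (gethostname(local, sizeof(local)) != 0) { perror("gethostname"); return 1; }
    local[sizeof(local) - 1] = '\0';
    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = AI_CANONNAME;          /* ask the resolver for the canonical name */
    if (getaddrinfo(local, NULL, &hints, &res) == 0 && res != NULL)
        canon = res->ai_canonname;
    printf("gethostname:    %s\n", local);
    printf("canonical name: %s\n", canon ? canon : "(none)");
    if (service_name(local, canon, out, sizeof(out)) == 0)
        printf("service name:   %s\n", out);
    else
        printf("no fully qualified name available for this host\n");
    if (res) freeaddrinfo(res);
    return 0;
}
```

The printed service name can then be compared with the host principal stored in the server's keytab.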



