OpenSSH/Heimdal/MIT KDC problem/question
Robert Banz
banz at umbc.edu
Tue Oct 26 02:42:30 EST 2004
Hi,
I'm running OpenSSH 3.8 & 3.9, compiled against Heimdal 0.6.3 for it's
GSSAPI & AFS integration.
A couple weeks ago, we upgraded our MIT KDC from (ugh) Kerberos 5 1.0.6
to the lastest and greatest 1.3.5. However, it seems that as part of
the upgrade, our GSSAPI credentials passing in OpenSSH stopped working.
Actually, didn't completely stop... You can still do a GSSAPI-based
logon to the same machine, e.g.
machine1> ssh machine1
works.
machine1> ssh machine2
doesn't.
Weirdo, eh?
I'm pretty familar with the Kerb APIs, however, not so much with the
GSSAPI stuff; however, the GSSAPI routines seem to obfuscate what's
going on at the Kerb level, so it's hard to tell what's going on.
Any takers?
--
Robert Banz (banz at umbc.edu)
UMBC Office of Information Technology
(410) 455-3933 fax: (410) 455-1065
More information about the openssh-unix-dev
mailing list