openssh and kerb 1.4.1 not so happy together
Phil Dibowitz
phil at usc.edu
Thu Jul 7 11:05:14 EST 2005
On Thu, Jul 07, 2005 at 01:44:40AM +0100, sxw at inf.ed.ac.uk wrote:
> On Wed, 6 Jul 2005, Phil Dibowitz wrote:
>
> > Folks,
> >
> > I seem to have a problem when I upgraded our kerberos from 1.3.1 to 1.4.1 (MIT
> > krb 5), all of a sudden I can't ssh as another user.
>
> Do you have tickets on the client? Are they for you, or for 'joe'?
no, no.
> Are you expecting logging in as 'joe' to succeed due to a .k5login file,
> or should you be prompted for a password?
I expect a password prompt, and I get one. I then says "connection closed by:
<ip of server>"
> What are you using for Kerberos password authentication? PAM, or the
> inbuilt KerberosAuthentication stuff?
builtin gssapi stuff so people have the OPTION of kinit'ing for passwordless
login, but can use keys or password if they chose.
> Does the server fail cleanly, or does it die?
See above.
> Can you provide debugging logs from the client (with -v -v) and from the
> server (-d -d -d)?
Sure, I should have done that before. ::slaps own wrist:: sorry.
Turns out that makes the error clear:
ld.so.1: /usr/lsd/openssh/default/sbin/sshd: fatal: relocation error: file
/usr/lsd/openssh/default/sbin/sshd: symbol krb5_init_ets: referenced symbol
not found
Killed
Of course, that's not the recompiled version.... but the recompiled version
has the same external symptoms. Hmmm.
--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 180 - 213-821-5427
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20050706/a2b18a66/attachment.bin
More information about the openssh-unix-dev
mailing list