openssh and kerb 1.4.1 not so happy together

Phil Dibowitz phil at usc.edu
Thu Jul 7 11:05:14 EST 2005


On Thu, Jul 07, 2005 at 01:44:40AM +0100, sxw at inf.ed.ac.uk wrote:
> On Wed, 6 Jul 2005, Phil Dibowitz wrote:
> 
> > Folks,
> > 
> > I seem to have a problem when I upgraded our kerberos from 1.3.1 to 1.4.1 (MIT
> > krb 5), all of a sudden I can't ssh as another user.
> 
> Do you have tickets on the client? Are they for you, or for 'joe'?

no, no.

> Are you expecting logging in as 'joe' to succeed due to a .k5login file, 
> or should you be prompted for a password?

I expect a password prompt, and I get one. I then says "connection closed by:
<ip of server>"

> What are you using for Kerberos password authentication? PAM, or the 
> inbuilt KerberosAuthentication stuff?

builtin gssapi stuff so people have the OPTION of kinit'ing for passwordless
login, but can use keys or password if they chose.

> Does the server fail cleanly, or does it die?

See above.

> Can you provide debugging logs from the client (with -v -v) and from the 
> server (-d -d -d)?

Sure, I should have done that before. ::slaps own wrist:: sorry.

Turns out that makes the error clear:

ld.so.1: /usr/lsd/openssh/default/sbin/sshd: fatal: relocation error: file
/usr/lsd/openssh/default/sbin/sshd: symbol krb5_init_ets: referenced symbol
not found
Killed

Of course, that's not the recompiled version.... but the recompiled version
has the same external symptoms. Hmmm.

-- 
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 180 - 213-821-5427

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20050706/a2b18a66/attachment.bin 


More information about the openssh-unix-dev mailing list