gssapi not enabled

Ted Creedon tcreedon at easystreet.net
Sat Apr 4 11:40:25 EST 2009


Its not getting that far.. Its not trying to contact the krb5kdc, it bombs
out on the enabled switch

I think the problem may be in the compilation - I'm adding some includes but
I can't get it to find krb5-config

checking for krb5-config... no
checking whether we are using Heimdal... no
checking for library containing dn_expand... (cached) no
checking for gss_init_sec_context in -lgssapi_krb5... yes
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking gssapi_krb5.h usability... yes
checking gssapi_krb5.h presence... no
configure: WARNING: gssapi_krb5.h: accepted by the compiler, rejected by the
preprocessor!
configure: WARNING: gssapi_krb5.h: proceeding with the compiler's result
checking for gssapi_krb5.h... yes
checking for gssapi.h... (cached) yes
checking gssapi/gssapi.h usability... yes
checking gssapi/gssapi.h presence... yes
checking for gssapi/gssapi.h... yes
checking for gssapi_krb5.h... (cached) yes
checking gssapi/gssapi_krb5.h usability... yes
checking gssapi/gssapi_krb5.h presence... yes
checking for gssapi/gssapi_krb5.h... yes
checking gssapi_generic.h usability... yes
checking gssapi_generic.h presence... no
configure: WARNING: gssapi_generic.h: accepted by the compiler, rejected by
the preprocessor!
configure: WARNING: gssapi_generic.h: proceeding with the compiler's result
checking for gssapi_generic.h... yes
checking gssapi/gssapi_generic.h usability... yes
checking gssapi/gssapi_generic.h presence... yes
checking for gssapi/gssapi_generic.h... yes


On Fri, Apr 3, 2009 at 5:26 PM, Simon Wilkinson <sxw at inf.ed.ac.uk> wrote:

>
> On 4 Apr 2009, at 00:29, Ted Creedon wrote:
>
>  sshd_conf  aaadn ssh_conf
>>
>> # GSSAPI options
>> GSSAPIAuthentication yes
>> GSSAPICleanupCredentials yes
>>
>>  ssh -vvvv -o PreferredAuthentications=gssapi-with-mic localhost
>>
>
> Do you have a key in your KDC for host/localhost (I suspect not, and you
> don't want one either)
>
> Kerberos has to be done against real, addresses, which resolve to hostnames
> for which entries have been created in your KDC, and populated in your
> servers keytab.
>
> Cheers,
>
> Simon.
>
>


More information about the openssh-unix-dev mailing list