ssh_gssapi_check_mechanism fails

Ted Creedon tcreedon at easystreet.net
Mon Apr 20 03:29:02 EST 2009


4 servers all running various versions of OpenSuse and all have
openssh5.2.p1
I have complete control on the configurations, including kerberos.

RIght now I'd like to get gssapi working consistently and then move to
implementing Russ Alberry's pam_krb5 module.

For debugging I'l looking at krb5kdc.log on the krb5 server as well as
strace of both openssh clients and servers.

There needs to be better error messaging from openssh for sure.

Should I upgrade all the servers to the same version of gssapi?

server ookpik
openSUSE 11.1 (x86_64)
VERSION = 11.1

/usr/lib/libgssapi_krb5.so
/usr/lib/libgssapi_krb5.so.2
/usr/lib/libgssapi_krb5.so.2.2
/usr/lib64/libgssapi_krb5.so
/usr/lib64/libgssapi_krb5.so.2
/usr/lib64/libgssapi_krb5.so.2.2
/usr/lib64/sasl2/libgssapiv2.so
/usr/lib64/sasl2/libgssapiv2.so.2
/usr/lib64/sasl2/libgssapiv2.so.2.0.22
server nuiqsut
openSUSE 11.1 (i586)
VERSION = 11.1

/usr/lib/libgssapi_krb5.so
/usr/lib/libgssapi_krb5.so.2
/usr/lib/libgssapi_krb5.so.2.2
/usr/lib/sasl2/libgssapiv2.so
/usr/lib/sasl2/libgssapiv2.so.2
/usr/lib/sasl2/libgssapiv2.so.2.0.22

server redcloud

SUSE LINUX 10.1 (X86-64)
VERSION = 10.1

/lib/modules/2.6.16.27-0.9-default/kernel/net/sunrpc/auth_gss/rpcsec_gss_krb5.ko
/lib/modules/2.6.16.27-0.9-xen/kernel/net/sunrpc/auth_gss/rpcsec_gss_krb5.ko
/lib/security/pam_krb5.so
/lib/security/pam_krb5afs.so
/lib64/security/pam_krb5
/lib64/security/pam_krb5.so
/lib64/security/pam_krb5/pam_krb5_storetmp
/lib64/security/pam_krb5afs.so
/usr/lib/baselibs-32bit/bin/krb5-config
/usr/lib/freeradius/rlm_krb5-1.1.0.so
/usr/lib/freeradius/rlm_krb5.so
/usr/lib/libgssapi_krb5.so
/usr/lib/libgssapi_krb5.so.2
/usr/lib/libgssapi_krb5.so.2.2
/usr/lib/libkrb5.so
/usr/lib/libkrb5.so.3
/usr/lib/libkrb5.so.3.2
/usr/lib/libkrb5support.so
/usr/lib/libkrb5support.so.0
/usr/lib/libkrb5support.so.0.0
/usr/lib/mit/bin/krb5-config
/usr/lib/mit/bin/krb524init
/usr/lib/mit/sbin/krb5-send-pr
/usr/lib64/libgssapi_krb5.so
/usr/lib64/libgssapi_krb5.so.2
/usr/lib64/libgssapi_krb5.so.2.2
/usr/lib64/libkrb5.so
/usr/lib64/libkrb5.so.3
/usr/lib64/libkrb5.so.3.2
/usr/lib64/libkrb5support.so
/usr/lib64/libkrb5support.so.0
/usr/lib64/libkrb5support.so.0.0
/usr/lib64/postgresql/backup/libkrb5.so.17

server geronimo

openSUSE 10.3 (X86-64)
VERSION = 10.3

/usr/lib/libgssapi_krb5.so
/usr/lib/libgssapi_krb5.so.2
/usr/lib/libgssapi_krb5.so.2.2
/usr/lib64/libgssapi.a
/usr/lib64/libgssapi.la
/usr/lib64/libgssapi.so
/usr/lib64/libgssapi.so.2
/usr/lib64/libgssapi.so.2.0.0
/usr/lib64/libgssapi_krb5.so
/usr/lib64/libgssapi_krb5.so.2
/usr/lib64/libgssapi_krb5.so.2.2
/usr/lib64/pkgconfig/libgssapi.pc
/usr/lib64/sasl2/libgssapiv2.so
/usr/lib64/sasl2/libgssapiv2.so.2
/usr/lib64/sasl2/libgssapiv2.so.2.0.22


More information about the openssh-unix-dev mailing list