Problem with Kerberos auth on AIX 5.3

Dop dopheide at ncsa.uiuc.edu
Fri Feb 6 08:57:15 EST 2009 

Kyle,

Thanks for the reply.  I'll try building against the IBM supplied MIT stuff, I didn't know that was available.  OpenSSH binaries won't work for us, once I get the base code working as expected we'll be adding in some patches.

-Mike


----- "Kyle Chapman" <Kyle_Chapman at G1.com> wrote:

> Have you tried the binary stuff off:
> http://sourceforge.net/project/showfiles.php?group_id=127997
> 
> Its not the latest, however it works (krb5 support as well).  Have
> you
> also tried to build while using the ibm supplied MIT distro (its on
> the
> aix expansion kit cd)?  
> 
> -----Original Message-----
> From: openssh-unix-dev-bounces+kyle_chapman=g1.com at mindrot.org
> [mailto:openssh-unix-dev-bounces+kyle_chapman=g1.com at mindrot.org] On
> Behalf Of Dop
> Sent: Thursday, February 05, 2009 4:37 PM
> To: openssh-unix-dev at mindrot.org
> Subject: Problem with Kerberos auth on AIX 5.3
> 
> 
> I've been banging my head against this for a few days so I thought
> I'd
> see if anyone has an idea of what's going on.
> 
> AIX 5.3
> OpenSSH 5.1p1
> MIT Kerberos 1.6.3
> zlib 1.2.3
> 
> Built with CC=cc and LDFLAGS=-brtl
> 
> When the client attempts to enter their kerberos password the daemon
> rejects it with the following message:
> debug1: Kerberos password authentication failed: Not enough space.
> 
> If you try again the message changes to:
> debug1: Kerberos password authentication failed: There is not enough
> memory available now.
> 
> I tracked that down to auth-krb5.c and a call to
> krb5_sname_to_principal().  If you comment out that call kerberos
> password authentication works just fine.  Unfortunately, that's not a
> good long term solution.  It smells like some crazy AIX memory
> allocation problem to me.  The ulimit settings appear fine and that's
> about the limit of my AIX knowledge.
> 
> Any thoughts?  
> 
> Thanks,
> Mike
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev 
>  
> NOTICE: This E-mail may contain confidential information. If you are
> not
> the addressee or the intended recipient please do not read this
> E-mail
> and please immediately delete this e-mail message and any attachments
> from your workstation or network mail system. If you are the
> addressee
> or the intended recipient and you save or print a copy of this
> E-mail,
> please place it in an appropriate file, depending on whether
> confidential information is contained in the message.

More information about the openssh-unix-dev mailing list