How to generate additional debug messages for sshd gssapi failures?
John Marshall
john.marshall at riverwillow.com.au
Fri Oct 2 17:24:00 EST 2009
On Tue, 22 Sep 2009, 15:21 -0500, Jim Basney wrote:
> Maybe this will help with troubleshooting. It may require setting
> UsePrivilegeSeparation no in sshd_config to get a useful error message.
>
> Index: auth2-gss.c
> ===================================================================
> RCS file: /cvs/openssh/auth2-gss.c,v
> retrieving revision 1.19
> diff -u -r1.19 auth2-gss.c
Thank you Jim,
That provided me with enough clues to do the troubleshooting I needed to
do. The problem ended up being a gssapi-with-mic compatibility issue
between Kerberos implementations on the client and server.
--
John Marshall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20091002/3e902aa2/attachment.bin>
More information about the openssh-unix-dev
mailing list