GSSAPI Kerberos Differences between 5.1p1 and 5.2p1?
John Marshall
john.marshall at riverwillow.com.au
Fri Oct 2 17:29:29 EST 2009
On Fri, 17 Jul 2009, 16:57 +1000, John Marshall wrote:
> I'm trying to find clues on what may have changed for GSSAPI (Kerberos)
> authentication between OpenSSH 5.1p1 and 5.2p1. We have been using
> GSSAPI authentication for ssh for about 18 months with no problem with
> the OpenSSH build that is bundled with the FreeBSD operating system.
> All of those machines have OpenSSH 5.1p1. Last week I upgraded one of
> the servers to FreeBSD 8.0-BETA1 (yes, I know, BETA) which includes
> OpenSSH 5.2p1.
>
> GSSAPI authentication no longer works properly for access to the OpenSSH
> 5.2p1 server. I think I've narrowed this down to OpenSSH 5.2p1 because
> if I install the FreeBSD OpenSSH port (5.2p1) on one of our FreeBSD
> 7.2-RELEASE servers, I am seeing the same symptoms.
This turned out to be a gssapi-with-mic compatibility issue between
different versions of Heimdal. My misplaced implication of OpenSSH
5.2p1 was due to the fact that I had linked it against a newer version
of Heimdal.
--
John Marshall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20091002/72a70369/attachment.bin>
More information about the openssh-unix-dev
mailing list