How to generate additional debug messages for sshd gssapi failures?
John Marshall
john.marshall at riverwillow.com.au
Mon Sep 21 17:05:15 EST 2009
I'm trying to troubleshoot gssapi_with_mic authentication with OpenSSH
5.2p1 on FreeBSD 8.0.
If I run sshd with maximum debug "sshd -ddd" the most detail I get is:
GSSAPI MIC check failed
That comes from line 282 in auth2-gss.c
279 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
280 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
281 else
282 logit("GSSAPI MIC check failed");
283
I think that's as much help as I can get from sshd. I'd like to add
some printf's to that else clause so that I can see the reason codes
returned by the gssapi routines. I'm not a programmer. Can anybody
give me any hints as to what to put here?
Is there any chance of enhancing the error reporting at that point in a
future release so that debug logging produces useful output?
Thank you for your help.
--
John Marshall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20090921/47312979/attachment.bin>
More information about the openssh-unix-dev
mailing list