[Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Sep 16 19:33:13 EST 2003 

http://bugzilla.mindrot.org/show_bug.cgi?id=635





------- Additional Comments From mmokrejs at natur.cuni.cz  2003-09-16 19:33 -------
I decided to reinstall heimdal and openssh again, both with latest snapshots.
With openssh-SNAP-20030916.tar.gz I see:

$ ./configure --prefix=/usr/local --with-tcp-wrappers
--with-ssl-dir=/software/@sys/usr/openssl --with-prngd-socket=/var/run/egd-pool
--with-default-path=/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/afs/bin:/software/@sys/usr/openssl/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/sbin:/usr/sbin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin
--with-xauth=/usr/bin/X11/xauth --with-zlib --with-osfsia
--with-login=/usr/bin/login --with-privsep --with-afs=/usr/afsws
--with-kerberos5=/usr/heimdal
$make
[...]
$ cc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o
sshconnect2.o -L. -Lopenbsd-compat/ -L/software/@sys/usr/openssl/lib -Lyes 
-L/usr/heimdal/lib -lssh -lopenbsd-compat -lrt -lz -L/usr/local/lib
-L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm
-laud -lcrypto -lkrb5 -ldes -lcom_err -lasn1 -lroken
ld:
Can't locate file for: -ldes
make: *** [ssh] Error 1
$ cc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o
sshconnect2.o -L. -Lopenbsd-compat/ -L/software/@sys/usr/openssl/lib -Lyes 
-L/usr/heimdal/lib -lssh -lopenbsd-compat -lrt -lz -L/usr/local/lib
-L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm
-laud -lcrypto -lkrb5 -lcom_err -lasn1 -lroken
$ 

So I see configure still tries to guess which libraries are needed for KerberosV.


sshd has to be linked with -lcrypto as the very last, not like currently set:

cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o
sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o
auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o
auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o
auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o
kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o
auth-pam.o auth-sia.o md5crypt.o -L. -Lopenbsd-compat/
-L/software/@sys/usr/openssl/lib -Lyes  -L/usr/heimdal/lib -lssh
-lopenbsd-compat -lwrap  -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib
-L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -lkrb5
-lcom_err -lasn1 -lroken
ld:
Unresolved:
DES_cbc_cksum
DES_cbc_encrypt
DES_pcbc_encrypt
RAND_write_file
RAND_file_name
UI_UTIL_read_pw_string
make: *** [sshd] Error 1


Running "make test" gives:

ssh-keygen -if /usr/local/scratch/openssh/regress/dsa_ssh2.pub >
/usr/local/scratch/openssh/regress//t6.out2
chmod 600 /usr/local/scratch/openssh/regress//t6.out1
ssh-keygen -yf /usr/local/scratch/openssh/regress//t6.out1 | diff -
/usr/local/scratch/openssh/regress//t6.out2
ssh-keygen -q -t rsa -N '' -f /usr/local/scratch/openssh/regress//t7.out
ssh-keygen -lf /usr/local/scratch/openssh/regress//t7.out > /dev/null
ssh-keygen -Bf /usr/local/scratch/openssh/regress//t7.out > /dev/null
run test connect.sh ...
Connection closed by 127.0.0.1
ssh connect with protocol 1 failed
Connection closed by 127.0.0.1
ssh connect with protocol 2 failed
failed simple connect
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/usr/local/scratch/openssh/regress'
make: *** [tests] Error 2


I've deleted ssh*config files and edited those newly installed version again.
Could you please improve the comments in shhd_config template so that it clear
that "Kerberos options" refer to kerberosIV only and that "GSSAPI options"
refers only to kerberosV? ;)


# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes



And, I tried to start sshd but get:

# ./sshd -p 8888
/usr/local/etc/sshd_config line 66: Unsupported option GSSAPIAuthentication
/usr/local/etc/sshd_config line 67: Unsupported option GSSAPICleanupCreds
#



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list