On Fri, 21 Aug 2009, 11:52 +0200, Matthias Andree wrote: > Am 21.08.2009, 09:01 Uhr, schrieb John Marshall > <john.marsh...@riverwillow.com.au>: > > >Does *anybody* have this working? > > > >I've been using SSH with GSSAPI authentication for a couple of years but > >found it no longer worked with sshd on an FreeBSD 8.0-BETA. FreeBSD > >8.0-BETA has OpenSSH 5.2p1 included in the base system. I have tried > >installing the OpenSSH 5.2p1 port (security/openssh-portable) on FreeBSD > >7.2 servers and I can't get that to work either. sshd from the OpenSSH > >5.1p1 included in the 7.n base system works fine. > > > >The only common denominator in all of my testing has been OpenSSH 5.2p1. > >The debug logging from sshd shows that the gssapi library returns an > >authentication failure; but gssapi authentication for squid and ldap > >work fine on the same box (both 7.2 and 8.0). > > > >I'm stuck. The OpenSSH folks say that nothing has changed that would > >break gssapi authentication. > > > >Does *anybody* have this working? > > How does this relate to your post on -CURRENT where you suggest upgrade > Heimdal for 8.0 from 1.1.0 to 1.2.1 (you wrote that you needed that for > OpenLDAP)? Have you built OpenSSH against Heimdal 1.2.1 or against 1.1.0?
It doesn't. The version of Heimdal seems not to make any difference. I can't get joy with any of these combinations: sshd Heimdal FreeBSD ---- ------- ------- base 5.2p1 base 1.1.0 8.0-BETA2 port 5.2p1 port 1.2.1% 8.0-BETA2 port 5.2p1 port 1.0.1 7.2-RELEASE port 5.2p1 port 1.2.1% 7.2-RELEASE [% = 1.0.1 heimdal port hacked to install 1.2.1] Hmmm. While validating the table above, I tried something I hadn't tried before. This works: port 5.2p1 base 0.6.3 7.2-RELEASE I just tried a 'make configure' on security/openssh-portable on 8.0, to start digging into the configure log, and discover that the port is now marked as 'broken' for 8.0. I'll spend a while on the ssh port on 7.2 and see if I can discover any clues. -- John Marshall
pgpxyO4NCebml.pgp
Description: PGP signature
