On Sat, 22 Aug 2009, 10:12 +1000, John Marshall wrote: > I just tried a 'make configure' on security/openssh-portable on 8.0, to > start digging into the configure log, and discover that the port is now > marked as 'broken' for 8.0. I'll spend a while on the ssh port on 7.2 > and see if I can discover any clues.
I found a few instances of things like the following in config.log... -------------- /usr/bin/ld: warning: libkrb5.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libkrb5.so.25 /usr/bin/ld: warning: libroken.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libroken.so.19 /usr/bin/ld: warning: libasn1.so.9, needed by /usr/lib/libgssapi_krb5.so, may conflict with libasn1.so.8 -------------- ...and noted that the quoted ./configure command line at the top of the log included "--with-kerberos5=" (no value). I provided an explicit "KRB5_HOME=/usr/local" to make which resolved those warnings - but still results in an sshd which will not work with gssapi. The only build of sshd 5.2p1 which works (for me) with gssapi is a build on FreeBSD 7.2 against the base Heimdal (0.6.3). Note that the only way I found to achieve that was to remove the Heimdal port first, to prevent the OpenSSH build finding Heimdal port libraries in /usr/local. Specifying "KRB5_HOME=/usr" was not sufficient to prevent the build searching /usr/local first. Perhaps there is more tweaking necessary to get OpenSSH to be happy with Heimdal > 0.6.3? Note that in all cases the OpenSSH 5.2p1 client (/usr/local/bin/ssh) authenticates successfully via gssapi to existing sshd servers. It's just the /usr/local/sbin/sshd linked with newer Heimdal libraries that doesn't seem to want to play. -- John Marshall
pgpeSTrFQw2sz.pgp
Description: PGP signature
