Re: Unable to delegate credentials from Cygwin ssh client was Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-25 Thread Jeffrey Altman
On 6/25/2013 1:23 AM, Nogin, Aleksey wrote: > Jeffrey Altman wrote: > >>> I am running Heimdal's kinit (as came with MobaXterm 6.2) under >>> Windows 7 to get a ticket from a Windows AD, and then ssh'ing into RHEL >>> 5 and 6 boxes set up to use pam_krb to authenticate against the same >>> Windows

RE: Unable to delegate credentials from Cygwin ssh client was Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-24 Thread Nogin, Aleksey
Jeffrey Altman wrote: > > I am running Heimdal's kinit (as came with MobaXterm 6.2) under > > Windows 7 to get a ticket from a Windows AD, and then ssh'ing into RHEL > > 5 and 6 boxes set up to use pam_krb to authenticate against the same > > Windows AD. gssapi-with-mic authentication succeeds, b

Re: Packaging Heimdal for Cygwin was Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-24 Thread Jeffrey Altman
On 6/24/2013 5:10 AM, Corinna Vinschen wrote: > On Jun 21 13:35, Jeffrey Altman wrote: >> Since Cygwin Heimdal is built as Linux without any platform specific >> credential cache support it will be restricted to using FILE: caches as >> a ticket store. Microsoft Kerberos never uses FILE: based cac

Re: Packaging Heimdal for Cygwin was Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-24 Thread Corinna Vinschen
On Jun 21 13:35, Jeffrey Altman wrote: > Since Cygwin Heimdal is built as Linux without any platform specific > credential cache support it will be restricted to using FILE: caches as > a ticket store. Microsoft Kerberos never uses FILE: based caches and > native MIT and Heimdal distributions use

Packaging Heimdal for Cygwin was Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-21 Thread Jeffrey Altman
On 6/21/2013 10:07 AM, Corinna Vinschen wrote: >> To the best of my knowledge the Heimdal developers have not been >> contacted by the Cygwin Heimdal package maintainer. > > Well, if it builds... We are discussing security software that must integrate with the native environment. When MIT or Hei

Unable to delegate credentials from Cygwin ssh client was Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-21 Thread Jeffrey Altman
On 6/14/2013 5:39 PM, Nogin, Aleksey wrote: > I am experiencing the same error that Corinna Vinschen have reported on > cygwin-apps mailing list about a year ago without any obvious resolution(*), > and I was wondering whether somebody was able to resolve it since. > > I am running Heimdal's kin

Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-21 Thread Corinna Vinschen
On Jun 21 09:39, Jeffrey Altman wrote: > On 6/21/2013 3:43 AM, Corinna Vinschen wrote: > > Guys, whatever the problem here is, it needs to be investigated and > > potentially implemented by somebody who knows this kerberos/gss-api > > stuff. Openssh is built against these libraries and that's it f

Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-21 Thread Jeffrey Altman
On 6/21/2013 3:43 AM, Corinna Vinschen wrote: > Guys, whatever the problem here is, it needs to be investigated and > potentially implemented by somebody who knows this kerberos/gss-api > stuff. Openssh is built against these libraries and that's it from my > side. If something's missing in opens

Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-21 Thread Corinna Vinschen
On Jun 20 18:56, Jeffrey Altman wrote: > On 6/20/2013 6:31 PM, Nogin, Aleksey wrote: > > Jeffrey Altman wrote: > > > >>> debug1: SSH2_MSG_SERVICE_REQUEST sent > >>> debug1: SSH2_MSG_SERVICE_ACCEPT received > >>> debug1: Authentications that can continue: > >>> publickey,gssapi-with-mic,password >

Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-20 Thread Jeffrey Altman
On 6/20/2013 6:31 PM, Nogin, Aleksey wrote: > Jeffrey Altman wrote: > >>> debug1: SSH2_MSG_SERVICE_REQUEST sent >>> debug1: SSH2_MSG_SERVICE_ACCEPT received >>> debug1: Authentications that can continue: >>> publickey,gssapi-with-mic,password >>> debug1: Next authentication method: gssapi-with-mi

RE: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-20 Thread Nogin, Aleksey
Jeffrey Altman wrote: >> debug1: SSH2_MSG_SERVICE_REQUEST sent >> debug1: SSH2_MSG_SERVICE_ACCEPT received >> debug1: Authentications that can continue: >> publickey,gssapi-with-mic,password >> debug1: Next authentication method: gssapi-with-mic >> debug1: Miscellaneous failure (see text) unknow

Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-20 Thread Jeffrey Altman
On 6/14/2013 5:39 PM, Nogin, Aleksey wrote: > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug1: Next authentication method: gssapi-with-mic > debug1: Miscellaneous failure (see

Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-15 Thread Larry Hall (Cygwin)
On 6/14/2013 6:56 PM, Nogin, Aleksey wrote: An easy way to help answer this question is to update your 'openssh' (and 'cygwin') package(s) at least and see if that helps. Allot has changed in the last year+. I've created a fresh installation of Cygwin, and see the exact same error: $ ssh -v

RE: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-14 Thread Nogin, Aleksey
> An easy way to help answer this question is to update your 'openssh' > (and 'cygwin') package(s) at least and see if that helps. Allot has changed > in the last year+. I've created a fresh installation of Cygwin, and see the exact same error: $ ssh -v XXXhostXXX OpenSSH_6.2p2, OpenSSL 1.0.1e

Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"

2013-06-14 Thread Larry Hall (Cygwin)
On 6/14/2013 5:39 PM, Nogin, Aleksey wrote: One thing I did notice is that when I ssh into an RHEL box, afterwards kinit on the client (Cygwin) side shows a ticket for the RHEL host (as expected), yet it shows that the ticket lacks the "forwardable" flag, which would probably explain the failur