Dear OpenSSH developers,
Hi, taking the liberty of sending this to your mailing list in the hope
someone will be able to help. The KTH version of Kerberos 4 was the only
one I was able to find.
In case you don't want to look at all the stuff below, the situation is
briefly that I am trying to compile openssh with kerberos 4 support, which
it apparently has. However, it can't find krb.h, which is right there. And
it compiles OK, but gives "KerberosTgtPassing yes" as a bad option,
which
can't be good, and I don't get properly authenticated when I log in,
which
is obviously the whole point. If this ssh cannot be compiled with this
krb4 version, can you suggest a version it *would* compile correctly with?
It is possible the configure file could be tweaked to perform correctly,
but how?
I heard this compiles correctly on OpenSSH. Since OpenSSH is free, what
version of krb4 are they using there?
Best regards, Faheem Mitha.
---------- Forwarded message ----------
Date: Thu, 14 Sep 2000 00:36:57 -0400 (EDT)
From: Faheem Mitha <faheem at email.unc.edu>
To: ssh at clinet.fi
Subject: Re: modifying Openssh config script for KTH-KRB
Just after I sent this message, I decided to see whether Kerberos4 support
would work anyway, even without the krb.h. I get
ssh -v sun gives...
*******************************************
debug: Trying Kerberos authentication.
debug: Kerberos V4 authentication accepted.
debug: Kerberos V4 challenge successful.
*******************************************
This is encouraging (sort of)
However, it still does not appear to be working properly, as I cannot read
my files (don't have the appropriate permissions). This happens when I
have not been properly authenticated. Oh, yes "KerberosTgtPassing yes"
is
still a "Bad configuration option", though
"KerberosAuthentication yes" is
now apparently OK.
Can anyone suggest what to try now? Is the missing krb.h part of the
problem?
Best regards, Faheem Mitha.
On Thu, 14 Sep 2000, Faheem Mitha wrote:
>
> Dear people,
>
> Openssh appears to have the option to compile with krb4 support, judging
> by the config script. There is a line that says
>
> ac_help="$ac_help
> --with-kerberos4=PATH Enable Kerberos 4 support"
>
> I assume this means add the flag
>
> --with-kerberos4=PATH
>
> to ./configure.
>
> However, I have the KTH version of KERBOROS, which has files in
> idiosyncatic places. All the stuff is in /usr/athena, with subdirectories
> like lib and include. krb.h is in /usr/athena/include, but the script
> complains it cannot find it when I set PATH=/usr/athena. I get the
> following output from configure which seems relevant. I have no idea what
> "checking for main in -lkrb... yes" means.
>
> ******************************************************************
> checking for krb.h... no
> checking for main in -lkrb... yes
> configure: warning: Cannot find krb.h, build may fail
> ******************************************************************
>
> I don't understand these scripts well enough to understand what is
going
> on. Can someone tell me what I need to do. The relevant area of configure
> appears below. I hope drastic changes will not be necessary.
>
> By the way, I have no idea what the KRB4_MSG="no" means. My
impression is
> that it has no functional part, but I could be wrong.
>
> ********************************************************************
> # Check whether user wants Kerberos support
> KRB4_MSG="no"
> # Check whether --with-kerberos4 or --without-kerberos4 was given.
> if test "${with_kerberos4+set}" = set; then
> withval="$with_kerberos4"
>
> if test "x$withval" != "xno" ; then
>
> if test "x$withval" != "$xyes"
; then
> CFLAGS="$CFLAGS
-I${withval}/include"
> LDFLAGS="$LDFLAGS
-L${withval}/lib"
> if test ! -z "$need_dash_r" ;
then
> LDFLAGS="$LDFLAGS
> -R${withval}/lib"
> fi
> if test ! -z "$blibpath" ; then
>
> blibpath="$blibpath:${withval}/lib"
> fi
> else
> if test -d /usr/include/kerberosIV ; then
> CFLAGS="$CFLAGS
> -I/usr/include/kerberosI
> fi
> fi
>
> for ac_hdr in krb.h
> ***************************************************************************
>
> I'd appreciate any help.
>
> Faheem.
>
>