search for: kerberosiv

Hi All, The OpenBSD tree is likely to be dropping KerberosIV support very soon. We will ultimately follow suit, but if there are many Krb4 users we may give a transition period of a release or two. AFAIK we don't compile at all against MIT KrbIV because of library conflicts. So, who is using OpenSSH Krb4 support at the moment? -d

Hi, I think kerberosIV authentication is broken in openssh-3.4p1 in ssh2 version protocol: nmrindy$ klist Ticket file: /tmp/tkt111_429097 Principal: mmokrejs at NATUR.CUNI.CZ Issued Expires Principal Aug 19 12:40:49 Aug 19 22:40:49 krbtgt.NATUR.CUNI.CZ at NATUR.CUNI.CZ Aug 19 12:40:49 Au...

...rpm), as the version shipped on RHEL/CentOS/etc has a known bug (version 1.11.2-unix "cvs watch on" doesn't work). The initial configure is failing with this obscure error: configure:2257: checking for C compiler default output file name configure:2260: gcc -I/usr/kerberos/include/kerberosIV -I/usr/kerberos/include/kerberosIV conftest.c -lkrb4 -ldes425 -lk5crypto >&5 /usr/bin/ld: cannot find -lkrb4 collect2: ld returned 1 exit status The file(s) do indeed exist in /usr/kerberos/lib, and that path is in my /etc/ld.so.conf (re-ran /sbin/ldconfig just in case). The strange thi...

...DFLAGS="$LDFLAGS -L${withval}/lib" - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${withval}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${withval}/lib" - fi - else - if test -d /usr/include/kerberosIV ; then - CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV" - fi - fi - - AC_CHECK_HEADERS(krb.h) - AC_CHECK_LIB(krb, main) - if test "$ac_cv_header_krb_h" != yes; then - AC_MSG_WARN([Cannot find krb.h, build may fail]) - fi - if test "$ac_cv_lib_krb_main&...

...s of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.4 src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.2.1 src/crypto/telnet/telnet/telnet.c 1.4.2.6 src/usr.bin/telnet/telnet.c 1.8.2.4 RELENG_4_11 src/UPDATING 1.73.2.91.2.2 src/crypto/he...

...ages: /usr/local/man/manX PID file: /usr/local/etc Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin Manpage format: man PAM support: no KerberosIV support: no KerberosV support: no Smartcard support: no AFS support: no S/KEY support: no TCP Wrappers support: yes MD5 password support: no IP address in $DISPLAY hack: no Use...

...DFLAGS="$LDFLAGS -L${withval}/lib" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${withval}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${withval}/lib" + fi + else + if test -d /usr/include/kerberosIV ; then + CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV" + fi + fi + + AC_CHECK_HEADERS(krb.h) + AC_CHECK_LIB(krb, main) + if test "$ac_cv_header_krb_h" != yes; then + AC_MSG_WARN([Cannot find krb.h, build may fail]) + fi + if test "$ac_cv_lib_krb_main&...

...VE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* Index: ssh.h --- ssh.h 2001/02/13 07:43:17 1.1 +++ ssh.h 2001/02/13 22:00:07 @@ -520,7 +520,12 @@ ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n); #ifdef KRB4 +#ifdef HAVE_BSD_AUTH_H +#define DES_DEFS /* prevent BSD/OS krb.h from including kerberosIV/des.h */ +#include <kerberosIV/krb.h> +#else /* !HAVE_BSD_AUTH_H */ #include <krb.h> +#endif /* HAVE_BSD_AUTH_H */ /* * Performs Kerberos v4 mutual authentication with the client. This returns 0 * if the client could not be authenticated, and 1 if authentication was Index: configu...

...advertising requirement. Please refer to README in the source distribution for the exact license terms. * Rhosts authentication has been removed in ssh(1) and sshd(8). * Changes in Kerberos support: - KerberosV password support now uses a file cache instead of a memory cache. - KerberosIV and AFS support has been removed. - KerberosV support has been removed from SSH protocol 1. - KerberosV password authentication support remains for SSH protocols 1 and 2. - This release contains some GSSAPI user authentication support to replace legacy KerberosV authentic...

...al/etc Askpass program: /usr/local/libexec/ssh-askpass Manual pages: /usr/local/man/manX PID file: /var/run Random number collection: Device (/dev/urandom) Manpage format: man PAM support: no KerberosIV support: no AFS support: no S/KEY support: no TCP Wrappers support: yes MD5 password support: yes IP address in $DISPLAY hack: no Use IPv4 by default hack: no Translate v4 in v6 hack: yes Host: i686-pc-linux-gnu...

Well, I've finally gotten around to compiling and testing OpenSSH 2.5.2p1, in order to update the contrib/solaris packaging scripts. Somehow on my test system, I'm getting errors that indicate that I've still got some old copy of OpenSSL being found somewhere...but I can't for the life of me tell where. The compile went fine (it found the OpenSSL 0.9.5a libraries that I had

...ages: /usr/local/man/manX PID file: /usr/local/etc Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin Manpage format: man PAM support: no KerberosIV support: no KerberosV support: no Smartcard support: no AFS support: no S/KEY support: no TCP Wrappers support: yes MD5 password support: no IP address in $DISPLAY hack: no Use...

...al/etc Askpass program: /usr/local/libexec/ssh-askpass Manual pages: /usr/local/man/manX PID file: /var/run Random number collection: Device (/dev/urandom) Manpage format: man PAM support: no KerberosIV support: no AFS support: no S/KEY support: no TCP Wrappers support: no MD5 password support: no IP address in $DISPLAY hack: no Use IPv4 by default hack: no Translate v4 in v6 hack: yes Host: i686-pc-linux-gnu...

...r-x 41 root wheel 1.0k Apr 20 14:00 games/ drwxr-xr-x 6 root wheel 512 Apr 20 14:01 gnu/ drwxr-xr-x 6 root wheel 1.5k Apr 20 14:01 include/ drwxr-xr-x 7 root wheel 512 Apr 20 14:01 kerberos5/ drwxr-xr-x 8 root wheel 512 Apr 20 14:01 kerberosIV/ drwxr-xr-x 57 root wheel 1.5k Apr 20 14:02 lib/ drwxr-xr-x 35 root wheel 1.0k Apr 20 14:02 libexec/ drwxr-xr-x 10 root wheel 512 Apr 20 14:02 release/ drwxr-xr-x 81 root wheel 1.5k Apr 20 14:02 sbin/ drwxr-xr-x 6 root wheel 512 Apr 20...

...s of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.4 src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.2.1 src/crypto/telnet/telnet/telnet.c 1.4.2.6 src/usr.bin/telnet/telnet.c 1.8.2.4 RELENG_4_11 src/UPDATING 1.73.2.91.2.2 src/crypto/he...

Portable OpenSSH 2.5.2p2 is now available from the mirror sites listed at http://www.openssh.com/portable.html Security related changes: Improved countermeasure against "Passive Analysis of SSH (Secure Shell) Traffic" http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt The countermeasures introduced in earlier OpenSSH-2.5.x versions caused interoperability problems with

Portable OpenSSH 2.5.2p2 is now available from the mirror sites listed at http://www.openssh.com/portable.html Security related changes: Improved countermeasure against "Passive Analysis of SSH (Secure Shell) Traffic" http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt The countermeasures introduced in earlier OpenSSH-2.5.x versions caused interoperability problems with

...h Askpass program: /opt/openssh/libexec/ssh-askpass Manual pages: /opt/openssh/man/manX PID file: /var/run Random number collection: Device (/dev/urandom) Manpage format: man PAM support: yes KerberosIV support: no AFS support: no S/KEY support: no TCP Wrappers support: yes MD5 password support: no IP address in $DISPLAY hack: no Use IPv4 by default hack: yes Translate v4 in v6 hack: yes Host: i586-pc-linux-gnu...

Hi all, trawled through the archives and did'nt find what I was looking for so here goes. This may be common knowledge or may not for the developers here ... maybe it will save someone some time anyhow. I'm running Redhat 6.2, **2.4.0-test1 kernel**, openssh-2.1.1p2.tar.gz, openssl-0.9.5a.tar.gz, with these options. sh configure --with-tcp-wrappers --with-md5-passwords

On Thu, 18 Nov 1999, Peter Losher wrote: > Has anyone gotten OpenSSH (v1.2) to work with KRB5? I have > defined Kerberos by typing 'make KERBEROS=YES' and it defaults to > KerberosIV as such in /usr/ports/security/openssh/: OpenSSH currently only supports Kerberos v4. sorry. :-( the Kerberos v5 support that was integrated into the original SSH was based on my earlier Kerberos v4 patch - but it was implemented using the same SSH auth protocol message types, so support for the...