Displaying 20 results from an estimated 1000 matches similar to: "Bug in gssapi support"
2006 Mar 01
1
Patch to src/auth/mech-gssapi.c
This bug causes a segfault when compiled against heimdal, but not
MIT krb5. Either way, I think this code is correct.
HTH.
----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| jfh at cise.ufl.edu
2006 Feb 27
2
Bug in Kerberos support for openssh.
It took me a while to track this down. I am using MIT Kerberos 1.4.3
and libgssapi-0.7. With some patches that came with Suse 10, but that
doesn't appear to be relevant. I have been using openssh-4.2p1 (with
Simon's patches) and openssh-4p3p2 out of the box. I see the same
problem no matter which version of openssh I am using. I am using two
Suse Linux x86 boxes as a test
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2011 Aug 29
4
Kerberos GSSAPI - proper item name in keytab
Hello, ALL.
I am trying to organize a transparent single sign-on concept for my
Active Directory users into Dovecot via IMAP. On the user's desktop I
use Thunderbird 6.0 as a mail client (MUA), Windows XP as an operating
system. Domain is controlled by Windows 2008 Server SP2 with Active
Directory.
I have installed on my Mail server Debian GNU/Linux 6.0.2 (Squeeze) and
Dovecot 2.0.13 from
2003 Sep 30
0
Samba 3.0.0 compile problems (with gssapi headers)
Hello,
I have a compile problem concerning samba-3.0.0 (final) with gssapi on a
Solaris 9 machine. I don't know how to fix this, so any suggestions are
welcome.
Situation:
We use LDAP to authenticate logins of a group of users, so I want to use
this LDAP directory also from samba. (Openldap-2.1.22 was compiled with
BerkeleyDB.4.1, heimdal-0.6 kerberos, and cyrus-sasl-2.1.13).
After a
2007 Mar 08
1
Coredump in dovecot-auth on gss auth
I've enabled the GSS code in dovecot, but our Kerberos nerds
are complaining that it doesn't work :) I probably have the
thing totally misconfigured (so don't worry about that part for
now), but I do have a crash:
Info: imap-login: Disconnected: rip=XXX.YYY.229.8, lip= XXX.YYY.17.59, TLS handshake
Error: auth(default): gssapi(?,XXX.YYY.229.8): While acquiring service credentials: No
2005 Dec 30
1
Compile problem on FreeBSD 6.0-STABLE
Trying to update to dovecot-1.0.alpha5 and seeing this at compile time:
mech-gssapi.o mech-gssapi.c; then mv -f ".deps/mech-gssapi.Tpo"
".deps/mech-gssapi.Po"; else rm -f ".deps/mech-gssapi.Tpo"; exit 1; fi
mech-gssapi.c:30:27: gssapi/gssapi.h: No such file or directory
mech-gssapi.c:42: error: syntax error before "gss_ctx_id_t"
mech-gssapi.c:51: error:
2008 Aug 12
2
[PATCH] Allow GSSAPI to work with multihomed hosts
I saw some past chatter on this in the list archives, but here is
another stab and another rational.
This patch follows a similar patch to openssh in that it allows any
key in the specified keytab to match the incoming host key. This is
necessary for multihomed hosts. See:
https://bugzilla.mindrot.org/show_bug.cgi?id=928
IMAP/POP seem to be a strong candidate to be multihomed because they
are
2006 Sep 18
1
Incorrect GSSAPI Service Name for POP3
In pop3-login/client-authenticate.c, when sasl_server_auth_begin() is
called, it does so with the service name of "POP3". GSSAPI uses this
service name when obtaining its service credentials. The problem is
that according to http://www.iana.org/assignments/gssapi-service-names ,
the service name should instead be simply "pop". This causes GSSAPI
authentication to fail when
2018 Oct 04
2
CentOS 7.5, Apache 2.4, Kerberos
Hi List,
My goal in sending this email is to get some direction on where to start
looking to solve my problem. Thank you all in advance for reading through
this and providing any guidance!
I'm working on moving to new servers, upgrading from CentOS 6.7 to CentOS
7.5. In this move, we are also upgrading from Apache/2.2.15 to Apache/
2.4.33. Our servers are all sitting behind a load
2008 Aug 12
5
[PATCH] Support GSS-SPNEGO natively
I cooked this up while trying to figure out why thunderbird on Windows
w/ SSPI was not working, but it turned out thunderbird does not use
it, so I haven't been able to test it yet. I'm presenting it for
discussion only, unless someone else can try it :)
Modern versions of MIT kerberos support GSS-SPNEGO natively, but are
only willing to negotiate for kerberos tickets and not NTLM
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2007 Nov 13
1
compile error in hp-ux 11.23PA system with OpenSSH4.7p1
Hi all,
I am compiling the OpenSSH4.7p1 on hp-ux PA11.23 system, however, it gives the following bug:
cc +DD64 -I. -I. -I../include/openssl -I../include/tcpwrap -I../include/zlib -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -I/usr/local/include -I../include/gssapi -DSSHDIR=\"/opt/ssh/etc\" -D_PATH_SSH_PROGRAM=\"/opt/ssh/bin/ssh\"
2004 Mar 04
4
Solaris 9 --with-krb5 problems
Hi,
I am running configure with the option --with-krb5=/opt/local which is
where I have heimdal installed. The problem is that after running make,
it still tries to use the include files from SUN that are in /usr/ and this
screws up the compile.
I can compile samba just fine using --without-krb5.
I have already tried:
setenv CFLAGS "-L/opt/local/lib"
setenv CPPFLAGS
2007 Feb 03
1
GSSAPI authentication behind HA servers
Hi all,
We have 2 mail servers sitting behind linux-HA machines.The mail
servers are currently running dovecot 1.0rc2.
Looking to enable GSSAPI authentication, I exported krb keytabs for
imap/node01.domain at REALM and imap/node02.domain at REALM for both mail
servers.
However, clients are connecting to mail.domain.com, which results in a
mismatch as far as the keytab is concerned (and rightly
2003 Oct 30
1
Patch to make sshd work on multihomed systems
As far as I know this patch has no security implications -- I don't
believe that allowing sshd to use get_local_name() (in canohost.c) on
a connected socket to determine it's own fqdn will allow a malicious
client (or router or dns server) to make it come to the wrong
conclusion. But please let me know if you think I'm wrong.
Please also let me know if you're just not interested
2003 Oct 28
2
Privilege separation
Hello!
Please consider including the attached patch in the next release. It
allows one to drop privilege separation code while building openssh by using
'--disable-privsep' switch of configure script. If one doesn't use privilege
separation at all, why don't simply allow him to drop privilege separation
support completely?
--
Sincerely Your, Dan.
-------------- next part
2007 Mar 27
3
Building problem on FreeBSD with GSSAPI
I have error while compiling dovecot with GSSAPI under FreeBSD 6.2:
Is this dovecot-related or not?
cc -std=gnu99 -O2 -fno-strict-aliasing -pipe -Wall -W
-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -o dovecot-auth auth.o
auth-cache.o auth-client-connection.o auth-master-connection.o
auth-master-listener.o auth-module.o
2003 Dec 01
0
No subject
Edit the file called src/EDITME and put the result in a file called
Local/Makefile.
Then you may proceed ... and next time ... you post an error message you
may want to be specific ... not "or something like that" ...
On Mon, 21 May 2001, Mager Charles WB wrote:
> Again another email ALMOST off the point, but not quite. The first question,
> which is to do with samba, is - How
2011 Nov 28
3
setting up a "server"
Hi,
I have the install guide and the admin guide....nothing in either that I can see from the contents pages tells me how to create the first "server" ( I assume that is what I have to do?)
Is there another doc Im missing? or a good URL for a howto on a redhat based machine?
Also from what I can see the "free" version is cli only?
and there is no virtual (vmware) appliance?