Displaying 20 results from an estimated 10000 matches similar to: "[Bug 944] ssh_config missing default configuration values for GSSAPI"
2006 Jul 10
1
[Bug 944] ssh_config missing default configuration values for GSSAPI
http://bugzilla.mindrot.org/show_bug.cgi?id=944
mmokrejs at ribosome.natur.cuni.cz changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
------- Comment #3 from mmokrejs at ribosome.natur.cuni.cz
2006 Dec 14
1
Problems using gssapi authentication from FreeBSD to Linux machines
Hi all,
I'm really struggling with getting Kerberos authentication to work
between a FreeBSD host and a Linux host. I'm using the latest 6-
STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens
(verified with "klist -f") and Kerberos and ssh are working fine in
all other ways, but I can't get the Linux box to accept the Kerberos
ticket as
2023 Aug 02
1
[PATCH] ssh_config: reflect default CheckHostIP no
Checking up on this change:
On Wed, 29 Mar 2023 at 19:38, Ed Maste <emaste at freefall.freebsd.org> wrote:
>
> From: Ed Maste <emaste at FreeBSD.org>
>
> By convention settings in ssh_config are shown with a commented out
> default.
>
> Fixes: 6cb52d5bf771 ("upstream: make CheckHostIP default to 'no'...")
> ---
> ssh_config | 2 +-
> 1
2007 May 06
2
[Bug 1312] Add short command-line option -K for activating GSSAPIDelegateCredentials
http://bugzilla.mindrot.org/show_bug.cgi?id=1312
Summary: Add short command-line option -K for activating
GSSAPIDelegateCredentials
Product: Portable OpenSSH
Version: 4.4p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Kerberos support
2011 Jul 28
1
intermittent problems obtaining shell with gssapi-with-mic
Hi,
I am seeing a rather strange issue with openssh-5.3p1 (both client and
server) under scientific linux 6. The systems in question are set up
to authenticate against a Kerberos server. ssh'ing between machines
works fine 99% of the time with the gssapi-with-mic method. But on
occasion an ssh session will fail to spawn a sheel for the user after
authentication. An example -vvv output in this
2012 Jul 09
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?
Hi,
I am doing some kerberos testing with samba4 using ssh. I have setup
samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and
active directory seems to be working both with Windows and Linux clients.
ssh unfortunately is not kerberos authenticating via GSSAPI. The client
krb5.conf contains this:
=====================================================
[libdefaults]
2006 Feb 10
0
OpenSSH ControlAllowUsers, et al Patch
Attached (and inline) is a patch to add the following config options:
ControlBindMask
ControlAllowUsers
ControlAllowGroups
ControlDenyUsers
ControlDenyGroups
It pulls the peer credential check from client_process_control() in ssh.c,
and expounds upon it in a new function, client_control_grant().
Supplemental groups are not checked in this patch. I didn't feel comfortable
taking a shot
2009 Jul 17
1
GSSAPI Kerberos Differences between 5.1p1 and 5.2p1?
Hello,
I'm trying to find clues on what may have changed for GSSAPI (Kerberos)
authentication between OpenSSH 5.1p1 and 5.2p1. We have been using
GSSAPI authentication for ssh for about 18 months with no problem with
the OpenSSH build that is bundled with the FreeBSD operating system.
All of those machines have OpenSSH 5.1p1. Last week I upgraded one of
the servers to FreeBSD 8.0-BETA1
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2006 Aug 18
2
[Bug 1219] typo in ssh_config
http://bugzilla.mindrot.org/show_bug.cgi?id=1219
Summary: typo in ssh_config
Product: Portable OpenSSH
Version: 4.3p2
Platform: Other
OS/Version: All
Status: NEW
Severity: trivial
Priority: P2
Component: Miscellaneous
AssignedTo: bitbucket at mindrot.org
ReportedBy: dleonard at vintela.com
2020 Aug 26
8
[Bug 3203] New: Could default_ccache_name from krb5.conf be used for GSSAPI connections?
https://bugzilla.mindrot.org/show_bug.cgi?id=3203
Bug ID: 3203
Summary: Could default_ccache_name from krb5.conf be used for
GSSAPI connections?
Product: Portable OpenSSH
Version: 8.3p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2015 Feb 26
2
Samba4 SSH SSSD-AD Problem
Hi,
I'm having a problem with ssh and sssd in a samba4 ad environment.
If I logon a linux client everything works fine. When entering klist I'm able
to see my ticket. When I try to connect/logon to another linux client with ssh
it is possible, but klist shows:
klist: Credentials cache file '/run/user/$UID$/krb5cc/tkt' not found.
So the ticket cache is not created during
2014 May 25
2
Samba 4 / Kerberos / ssh
I try to get Samba 4 with ssh running.
I found in the Script from Matthieu Patou tot he sysvol sync the follwing intresting line.
---
kinit -k -t /etc/krb5.keytab `hostname -s | tr "[:lower:]" "[:upper:]"`\$
rsync -X -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING
---
when i understand correct he uses the domain controller service principle to connect to the
2009 May 06
1
Kerberos and 2008 AD troubles
I've been trying to get Kerberos to work for the last couple of days so
that we can use SSO. I can't seem to get past a roadblock and Google
doesn't seem to provide any answers. I've got Samba connected to the AD
and running. I can wbinfo everything and can login to the machine using
PAM with the pam_winbind modules just fine. I can get user tickets just
fine. When I try to get ssh
2019 Jan 15
4
SSH SSO without keytab file
Hai,
Lets start here.
Handy for us to know.
OS?
Samba version?
AD or member setup?
And I suggest, set this in the ssh server.
# GSSAPI options
GSSAPIAuthentication yes
Restart the ssh server and try to SSO login.
If its a AD server this should work.
Yes, you dont get home dir etc, end up in / after login, but lets check if this works.
Greetz,
Louis
> -----Oorspronkelijk
2016 Nov 24
17
[Bug 2643] New: Can not ssh with tr_TR.UTF-8 locale (Bad configuration options)
https://bugzilla.mindrot.org/show_bug.cgi?id=2643
Bug ID: 2643
Summary: Can not ssh with tr_TR.UTF-8 locale (Bad configuration
options)
Product: Portable OpenSSH
Version: 7.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: ssh
2004 May 23
5
OpenSSH v3.8p1 fails to interoperate for GSSAPI (Kerberos) and X-Windows
Versions: openssh-3.8p1-33, heimdal-0.6.1rc3-51, XFree86-4.3.99.902-40,
tk-8.4.6-37, all from SuSE 9.1 (unhacked); back-version peers have
openssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2.
Symptoms:
1. When the client and server versions are unequal, the Kerberos ticket
is not accepted for authentication. All the clients have
PreferredAuthentications gssapi-with-mic, gssapi, others.
2.
2019 Jan 18
1
SSH SSO without keytab file
Thanks for the prompt reply!
> I did see that you are using Administrator, and thats the problem.
> Administrator is mapped to root ( most of the time ),
> if you assigned Administrator UID = 0 then you have a problem, because only root = uid 0.
>
> Never ever give Administrator a UID/GID
I am using tdb backend. It mapped administrator account to 12000:10000.
> So try again
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2000 Aug 28
1
[OpenSSH] sample line about ForwardX11 in ssh_config file is not fit to default setting
Hi
OpenSSH developers
I use OpenSSH under FreeBSD. It's cool and useful for me.
By the way, sample line of ForwardX11 in ssh_config was not fit
for default setting in readconf.c. I want to change ssh_config.
----------
In ssh source (src/usr.bin/ssh/readconf.c), currently ForwardX11
is disabled.
731 if (options->forward_x11 == -1)
732