similar to: [Bug 944] ssh_config missing default configuration values for GSSAPI

http://bugzilla.mindrot.org/show_bug.cgi?id=944 mmokrejs at ribosome.natur.cuni.cz changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Comment #3 from mmokrejs at ribosome.natur.cuni.cz

Hi all, I'm really struggling with getting Kerberos authentication to work between a FreeBSD host and a Linux host. I'm using the latest 6- STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens (verified with "klist -f") and Kerberos and ssh are working fine in all other ways, but I can't get the Linux box to accept the Kerberos ticket as

Checking up on this change: On Wed, 29 Mar 2023 at 19:38, Ed Maste <emaste at freefall.freebsd.org> wrote: > > From: Ed Maste <emaste at FreeBSD.org> > > By convention settings in ssh_config are shown with a commented out > default. > > Fixes: 6cb52d5bf771 ("upstream: make CheckHostIP default to 'no'...") > --- > ssh_config | 2 +- > 1

http://bugzilla.mindrot.org/show_bug.cgi?id=1312 Summary: Add short command-line option -K for activating GSSAPIDelegateCredentials Product: Portable OpenSSH Version: 4.4p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Kerberos support

Hi, I am seeing a rather strange issue with openssh-5.3p1 (both client and server) under scientific linux 6. The systems in question are set up to authenticate against a Kerberos server. ssh'ing between machines works fine 99% of the time with the gssapi-with-mic method. But on occasion an ssh session will fail to spawn a sheel for the user after authentication. An example -vvv output in this

Hi, I am doing some kerberos testing with samba4 using ssh. I have setup samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and active directory seems to be working both with Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults]

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

Hello, I'm trying to find clues on what may have changed for GSSAPI (Kerberos) authentication between OpenSSH 5.1p1 and 5.2p1. We have been using GSSAPI authentication for ssh for about 18 months with no problem with the OpenSSH build that is bundled with the FreeBSD operating system. All of those machines have OpenSSH 5.1p1. Last week I upgraded one of the servers to FreeBSD 8.0-BETA1

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

http://bugzilla.mindrot.org/show_bug.cgi?id=1219 Summary: typo in ssh_config Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com

https://bugzilla.mindrot.org/show_bug.cgi?id=3203 Bug ID: 3203 Summary: Could default_ccache_name from krb5.conf be used for GSSAPI connections? Product: Portable OpenSSH Version: 8.3p1 Hardware: ix86 OS: Linux Status: NEW Severity: enhancement Priority: P5

Hi, I'm having a problem with ssh and sssd in a samba4 ad environment. If I logon a linux client everything works fine. When entering klist I'm able to see my ticket. When I try to connect/logon to another linux client with ssh it is possible, but klist shows: klist: Credentials cache file '/run/user/$UID$/krb5cc/tkt' not found. So the ticket cache is not created during

I try to get Samba 4 with ssh running. I found in the Script from Matthieu Patou tot he sysvol sync the follwing intresting line. --- kinit -k -t /etc/krb5.keytab `hostname -s | tr "[:lower:]" "[:upper:]"`\$ rsync -X -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING --- when i understand correct he uses the domain controller service principle to connect to the

I've been trying to get Kerberos to work for the last couple of days so that we can use SSO. I can't seem to get past a roadblock and Google doesn't seem to provide any answers. I've got Samba connected to the AD and running. I can wbinfo everything and can login to the machine using PAM with the pam_winbind modules just fine. I can get user tickets just fine. When I try to get ssh

Hai, Lets start here. Handy for us to know. OS? Samba version? AD or member setup? And I suggest, set this in the ssh server. # GSSAPI options GSSAPIAuthentication yes Restart the ssh server and try to SSO login. If its a AD server this should work. Yes, you dont get home dir etc, end up in / after login, but lets check if this works. Greetz, Louis > -----Oorspronkelijk

https://bugzilla.mindrot.org/show_bug.cgi?id=2643 Bug ID: 2643 Summary: Can not ssh with tr_TR.UTF-8 locale (Bad configuration options) Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: ssh

Versions: openssh-3.8p1-33, heimdal-0.6.1rc3-51, XFree86-4.3.99.902-40, tk-8.4.6-37, all from SuSE 9.1 (unhacked); back-version peers have openssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2. Symptoms: 1. When the client and server versions are unequal, the Kerberos ticket is not accepted for authentication. All the clients have PreferredAuthentications gssapi-with-mic, gssapi, others. 2.

Thanks for the prompt reply! > I did see that you are using Administrator, and thats the problem. > Administrator is mapped to root ( most of the time ), > if you assigned Administrator UID = 0 then you have a problem, because only root = uid 0. > > Never ever give Administrator a UID/GID I am using tdb backend. It mapped administrator account to 12000:10000. > So try again

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

Hi OpenSSH developers I use OpenSSH under FreeBSD. It's cool and useful for me. By the way, sample line of ForwardX11 in ssh_config was not fit for default setting in readconf.c. I want to change ssh_config. ---------- In ssh source (src/usr.bin/ssh/readconf.c), currently ForwardX11 is disabled. 731 if (options->forward_x11 == -1) 732