Displaying 20 results from an estimated 7000 matches similar to: "OpenSSH+GSSAPI & HP/UX 11i..."
2005 Jul 24
1
Does OpenSSH+GSSAPI interoperate between Heimdal and MIT?
I have a freshly installed FreeBSD 6.0-BETA1 system, which comes with Heimdal
& OpenSSH w/GSSAPI enabled (version 4.1p1 FreeBSD-20050605) Most of the
servers I connect to have OpenSSH w/GSSAPI enabled but they use MIT Kerberos
(1,3.x and 1.4.x) Now, I can use ticket authentication between all systems
where the libraries are all the same (Heimdal or MIT), but trying to use, for
example,
2003 May 01
2
Kerberos password auth/expiry kbdint patch
I took Markus Friedl's advice and set up a KbdintDevice for Kerberos
password authentication/expiry. It took me a bit to wrap my head
around privsep, but I think it's working properly (code stolen
shamelessly from FBSD's PAM implementation :->).
The hardest part was working out how to get the interaction
between krb5_get_init_creds_password() (along with the prompter)
to work
2004 Jun 25
1
Compilation with Kerberos problem
I'm trying to compile Samba 3.0.4 with Active Directory support on
OpenBSD 3.5, using the native Kerberos libraries (which happens to be
Heimdal 0.6). Unfortunately, ./configure isn't working right. If anyone
can help me figure out what the problem is, i would appreciate it.
First a bit of info on OpenBSD's Kerberos path layout, in case it
matters:
/usr/libexec - daemons
2004 Feb 13
2
OpenSSH-snap-20040212 and the use of krb5-config
With openssh-snap-20040212 the configure.ac when it finds a
krb5-config file, does not call the AC_DEFINE(GSSAPI) or
AC_CHECK_HEADER(gssapi.h...) This means that GSSAPI and HAVE_GSSAPI_H
are not defined, and thus GSSAPI is not built.
If I rename the kerberos provided krb5-config file and run configure,
the old method of finding the Kerberos lib and include directories
is used and OpenSSH
2009 Apr 03
3
gssapi not enabled
I'm trying to get gssapi-with-mic to work but the enabled field in the
method struct is disabled I.e.
The gssapi-with-mic enable field s not enabled in in the *method struct; it
fails at:
if (authmethod_is_enabled(method))
in the authmethod_is_enabled(method) function call
using ddd , OpenSSH 5.2.p1, Linux 2.6.22.5-31 (SuSE 10.2)
Questiion - what enables gssapi-with-mic?
Thanks
tedc
2014 Jun 21
1
broken samba-4.1.8 waf configure
21 jun 2014
the version numbers changed (samba-4.1.8), but the problem
remains exactly the same: waf configure continues to break at
krb5.
frank smith
31 may 2014
greetings,
in the (relatively distant) past, i several times downloaded,
built, and ran the then-current version of samba with little to no
problem. i recently experienced similar successful results with
samba-3.6.23.
i
2004 Sep 13
4
Pending OpenSSH release, call for testing.
Darren,
We have systems which are multihomed for virtualisation, but run only one sshd.
You can connect to any IP-address and should be authenticated with
gssapi/kerberos. So the client will ask for a principal host/virt-ip-X and the
server has to have an entry for this in the keytab and has to select the right
key by determining the hostname from the connection IP-address. There is no other
way
2006 Mar 24
0
OpenSSH
Trying to compile OpenSSH with Kerberos5 fails.
checking whether we are using Heimdal... no
checking gssapi.h usability... no
checking gssapi.h presence... no
checking for gssapi.h... no
checking gssapi/gssapi.h usability... yes
checking gssapi/gssapi.h presence... yes
checking for gssapi/gssapi.h... yes
checking gssapi_krb5.h usability... no
checking gssapi_krb5.h presence... no
2001 May 21
1
Problems with Krb5/GSSAPI patches in FBSD 4.3
Hi,
I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at:
http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch
On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and
the MIT Krb5 package from ports intstalled). I patched the src tree,
reconfigured, recompiled, installed, and it works - except for Krb5
passwords or Krb5 tickets. And I really
2004 Jan 26
6
OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Rather then implementing kafs in MIT Kerberos, I would like to
suggest an alternative which has advantages to all parties.
The OpenSSH sshd needs to do two things:
(1) sets a PAG in the kernel,
(2) obtains an AFS token storing it in the kernel.
It can use the Kerberos credentials either obtained via GSSAPI
delegation, PAM or other kerberos login code in the sshd.
The above two
2003 May 20
6
Sshd and domain authentication
Is there a way to run sshd on a windows 2000 server and have ssh clients
authenticate to it using domain level authentication?
Mike
2006 Jul 19
2
Patch suggestion
Hi,
Would it be possible to make a change in the configure file to search
for gssapi.h in <kerberosV/gssapi.h> if it fails to find it in
<gssapi/gssapi.h>? That would allow to compile dovecot with gssapi
easily on OpenBSD without patching it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186
2016 Mar 22
3
Automatically forwarding fresh Kerberos tickets?
In an environment where users use smart cards to authenticate on Windows and then use ssh to login to UNIX systems via GSSAPI, it is nigh impossible to renew/refresh the Kerberos credentials in the UNIX session. If the user fails to renew their credentials before they expire, the user is stuck and must log out and log back in to get valid tickets.
Meanwhile it is entirely likely that on the
2005 May 11
6
Need help with GSSAPI authentication
Client: Windows XP pro, in an AD 2003 domain, running SecureCRT 4.1.11.
I've also got MIT Kerberos for Windows installed on the client, and Leash
shows that my tickets ARE forwardable.
Server: Solaris 8 Sparc server, with MIT Kerberos (krb5-1.4.1), and
OpenSSH 4.0p1.
I've created two AD accounts, and extracted keys mapped to
"host/hostname.domainname.com at REALM.COM" and
2007 Sep 27
4
GSSAPI Key Exchange Patch for OpenSSH 4.7p1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm pleased to (finally) announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for
doing GSSAPI user authentication, this only allows the underlying
security mechanism to authenticate the user to the server, and
continues to use SSH host keys to authenticate the server to the
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2004 Jul 02
0
Can't configure Samba with Kerberos support
I'm trying to compile Samba 3.0.4 with Active Directory support on
OpenBSD 3.5, using the native Kerberos libraries (which happens to be
Heimdal 0.6). Unfortunately, ./configure isn't working right. I think
i'm missing a switch or something. If anyone can help me figure out
what the problem is, i would really appreciate it.
First a bit of info on OpenBSD's Kerberos path
2017 Jan 17
2
Question on Kerberos (GSSAPI) auth
On Jan 17, 2017, at 9:57 AM, Douglas E Engert <deengert at gmail.com> wrote:
> On 1/16/2017 2:09 PM, Ron Frederick wrote:
>> I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462.
2005 Nov 27
3
OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found
Greetings,
I'm working on the infrastructure of a medium size client/server
environment using an Active Directory running on Windows Server 2003 for
central authentication of users on linux clients.
Additionally OpenAFS is running using Kerberos authentication through
Active Directory as well.
Now I want to grant users remote access to their AFS data by logging in
into a central OpenSSH
2004 May 28
1
gssapi-with-mic and Win2K KDC?
Upgrading to the 3.8.x versions of OpenSSH appears to have broken
support for Win2K KDC's. Win2K supports gssapi just fine, but the new
gssapi-with-mic does not appear to work. I was able to use the old
3.6.x versions with Kerberos authentication, and the newer 3.7.x
versions with gssapi authentication, but 3.8.x does not seem to work at
all. The mitm patch provided for 3.8p1 does work, but