similar to: openssh and kerb 1.4.1 not so happy together

Is something special required for KerbV auth to work? I've enabled: KerberosAuthentication yes on some test boxes and it doesn't work. I do a kinit, and then ssh and it asks for a password. If you don't provide one, you don't get in.

After reading some more from the archives, a private email, and some general research, I see that KerbV support has been dropped in favor of GSSAPI. Which is fine, and wonderful, I support GSSAPI. But, erm, the announcement says, "This release contains some GSSAPI user authentication support to replace legacy KerberosV authentication support. At present this code is still considered

Hey folks, Here at USC we have a few changes we make to the source code for various reasons -- and we have to make them for each new version. I always shrugged off sending a patch in because the changes felt very internal, but the more I think about it, the more I think perhaps they would be good for the main tree. Additionally, the more of this that gets into the main tree the easier upgrades

For various reasons, it makes our life easier at USC to have a 'install-nosysconf' target much like the install-nokeys target that was added a while back. I mentioned this a few months back on this list and people seemed to think it wouldn't be a problem to get it into the mainline tree. I've attached the patch -- it should keep 100% backwards compatibility. Thanks. -- Phil

Hey folks, About a year ago it was pointed out to me there was BSM support in CVS that would hopefully make it into a release soon. I had a look over it and it looks like it covers everything (it certainly covers more than the 3 or 4 things we do here at USC). So I'm wondering what the status of that is? Is it planned for a release soon? Are there issues with it? This is a really big feature

I noticed that it appears KerbV tgt passing seems to have disappeared in the 3.7 release. Was this dropped, or is it planned to come back? Was there a reason it disappeared? I looked through the archives but couldn't find much. Thanks, -- Phil Dibowitz phil at ipom.com Freeware and Technical Pages Insanity Palace of Metallica

On Tue, Aug 23, 2005 at 03:10:45PM +1000, openssh-unix-dev-request at mindrot.org wrote: > Date: Fri, 19 Aug 2005 17:56:19 +1000 > From: Darren Tucker <dtucker at zip.com.au> > Subject: Re: OpenSSH sget/sput suggestion > To: CRX Driver <crxssi at hotmail.com> > Cc: openssh-unix-dev at mindrot.org > Message-ID: <430590A3.1090506 at zip.com.au> > Content-Type:

Hey folks, I've asked this on the security focus mailing list, but no one seems to know... I'm in the process of moving my company from old crufty ssh.com ssh1 to openssh. On most of our hosts, we've created rsa and dsa keys but managed to KEEP the old rsa1 key... However, on a few hosts, openssh has been unable to read the old rsa1 key and has claimed: debug1: Unsupported

Hey folks, As part of a local change, we like to authlog the commands executed via command line, i.e.: ssh user at host "somecommand" And I was able to modify session.c like so: -------------------------------------- case SSH_CMSG_EXEC_CMD: if (type == SSH_CMSG_EXEC_CMD) { command = packet_get_string(&dlen);

hi' Ive followed the steps from http://weblog.bignerdranch.com/?p=6 <http://weblog.bignerdranch.com/?p=6&page=2> &page=2 and http://forums.fedoraforum.org/showthread.php?t=92804 I'm trying to login as a domain user in x (gdm) If a boot the pc and try to login i get the following error in /var/log/messages: Jan 9 13:10:35 zgltsp03 gdm(pam_unix)[2812]: check pass; user

Hi, can you anyone suggest me how can i update .k5login to append new entry or remove existing line when i tried using k5login { ''/root/.k5login'': ensure => present, path => ''/root/.k5login'', principals => ''dhaval@MYREALM.COM'', } it completelty removes all lines form k5login and put

I am running dovecot 2.1.7 on Debian Squeeze 64 bit, config information at the end of the email. I am working on a Kerberos/GSSAPI based setup that requires cross-realm authentication. I have regular GSSAPI working, I can log in using pam_krb5 with password based logins or with the GSSAPI support when using a kerberos ticket in the default realm. However when I attempt to authenticate using

Hi, we are currently moving our mailserver to a new server with Dovecot, virtual users in LDAP, Passwords in Kerberos Setup. Everything works fine except for GSSAPI which seems to be a bit buggy. The thing is, that when using a .k5login [1] file it seems that SASL does not get passed the home directory specified userdb. In other words, mails for user1 (see below) are stored in

Hello, SSH supports ~/.ssh/authorzied_keys for SSH keys and ~/.ssh/authorized_principals for X509 certs. I could not find an equivalent of authorzied_keys using Kerberos authentication. IMHO it should be possible using the Kerberos principal very much like the principal contained inside a X509 certificate. My main use case is assigning a specific command to a user logging in using Kerberos

https://bugzilla.mindrot.org/show_bug.cgi?id=3123 Bug ID: 3123 Summary: PermitOpen does not allow wildcards for hosts despite what docs say Product: Portable OpenSSH Version: 7.2p2 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

The openssh-3.0 announcement said: (...) 3) improved Kerberos support in protocol v1 (KerbIV and KerbV) (...) This seems to imply at least some krb5 support, but there is nothing new in ./configure --help about it. Grepping the source, I see many references to #ifdef KRB5. Trying to enable it manually (a #define in config.h) gives errors about a missing krb5_auth_con_setaddrs_from_fd, which I

I store my file_column database outside of my RAILS_ROOT. It seems to work in real life, but not in tests. In the tests, I can''t set both the root_path and the store_dir. In tests, setting the store_dir option will override the root_path option. The only way for root_path to work is to remove store_dir. I think the problem is in file_column.rb on line 22: options[:store_dir]

steve wrote: > > My only remaining question is that to open port 22 on the file server, > I've had to open all the other ports otherwise I could not kinit or > anything else. Could you/is there a list of ports which need to be > open for a S3 fileserver which is also a nfs server to be able to > communicate to the rest of the LAN without all ports being opened? > >

Hi Rowland, Thanks for your explanation. We have set up Samba to authenticate users against an external MIT Kerberos server and usernames match those in Unix password files. The setup was almost exactly like the Ubuntu help page: https://help.ubuntu.com/community/Samba/Kerberos#MIT_Kerberos There are others who have also set up Samba this way:

[Apologies if this is an off-topic question; please direct me to a more appropriate place if so.] Using Kerberos/GSSAPIAuthentication, is there a way to centrally control/manage (perhaps using LDAP?) which user principals can log into what hosts/accounts? -- Jos Backus jos at catnook.com