Displaying 20 results from an estimated 20000 matches similar to: "Incorrect description of GSSAPI vulnerability in 4.2 release note."
2005 Nov 03
2
Question about GSSAPI with OpenSSH 4.2p1
Hey all, perhaps someone might be able to shed a little light on this
problem. Nothing I find in books and groups seem to address the
problem. I'm trying to set up a series of connections with ssh that
authenticate through GSSAPI. However, it seems that the credentials are
not getting passed.
>From the client..
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a
2007 Sep 27
4
GSSAPI Key Exchange Patch for OpenSSH 4.7p1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm pleased to (finally) announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for
doing GSSAPI user authentication, this only allows the underlying
security mechanism to authenticate the user to the server, and
continues to use SSH host keys to authenticate the server to the
2006 Dec 14
1
Problems using gssapi authentication from FreeBSD to Linux machines
Hi all,
I'm really struggling with getting Kerberos authentication to work
between a FreeBSD host and a Linux host. I'm using the latest 6-
STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens
(verified with "klist -f") and Kerberos and ssh are working fine in
all other ways, but I can't get the Linux box to accept the Kerberos
ticket as
2005 Sep 26
0
New GSSAPI Key Exchange patch for OpenSSH 4.2p1
Hi,
This is to announce the availability of a new version of my GSSAPI key
exchange patch for OpenSSH.
The code is available from
http://www.sxw.org.uk/computing/patches/openssh.html
Changes since the last release are:
*) Implement GSS group exchange
*) Disable DNS canonicalization of the hostname passed to the GSSAPI
library - an option is provided to allow this to be overriden on
2013 Nov 20
1
Samba4 and GSSAPI based authentication for OpenSSH
I seem to be having the same issue as
https://lists.samba.org/archive/samba/2012-December/170426.html. I
don't see that he ever reached a solution.
Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS
failure. Minor code may provide more information\nNo key table entry
found matching host/appdb01-qa.mediture.dom@\n
Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1:
2005 Oct 04
0
GSSAPI Auth in SSH
Hello All,
I noticed some different behaviour of GSSAPI Authentication mechanism in SSH
and like to know the reasons for such behaviour.
If I try GSSAPI auth for a user whose principal is not stored in KDC, the
GSSAPI auth method is tried 2 times and it fails. If the user is stored in
KDC and not having valid credentials, then SSHD tries GSSAPI one time and
fails. The interesting part of
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2009 Jul 17
1
GSSAPI Kerberos Differences between 5.1p1 and 5.2p1?
Hello,
I'm trying to find clues on what may have changed for GSSAPI (Kerberos)
authentication between OpenSSH 5.1p1 and 5.2p1. We have been using
GSSAPI authentication for ssh for about 18 months with no problem with
the OpenSSH build that is bundled with the FreeBSD operating system.
All of those machines have OpenSSH 5.1p1. Last week I upgraded one of
the servers to FreeBSD 8.0-BETA1
2007 Nov 15
3
GSSAPI Key Exchange Patch
Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into
the OpenSSH source?
http://www.sxw.org.uk/computing/patches/openssh.html
I'm sure I'm not the only one that uses it and would like to see it become
part of the OpenSSH source. Is there something missing or is there some
technical/philosophical reason for not including it?
2017 Nov 01
0
Winbind, Kerberos, SSH and Single Sign On
I can suggest a few things.
krb5.conf ( if you use nfsv4 with kerberized mounts _
[libdefaults]
ignore_k5login = true in
But, it does not look like it in you logs your useing kerberized mounts.
Im missing in SSHD_config :
UseDNS yes
And the defaults :
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Are sufficient for a normal ssh kerberized login.
Optional,
2003 Jun 27
3
Kerberos Support in OpenSSH
Dear Sir and Madam:
I'm writing to you on behalf of the MIT Kerberos team and several
other parties interested in the availability of Kerberos
authentication for the SSH protocol.
We recently noticed that the OpenSSH developers had added support for
the kerberos-2 at ssh.com user authentication mechanism. We are
delighted but we believe additional steps are necessary, as explained
2009 Apr 19
1
Stack trace dor gssapi-with-mic
I think I had better update akk the kerberos and gssapi to the latest?
Please advise.
Thanks
Tedc
ssh -vvv admin at geronimo.creedon.biz
<<<<<<<<snip>>>>>>>>>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa (0x568da0)
debug2: key:
2017 Nov 02
2
Winbind, Kerberos, SSH and Single Sign On
Hi,
thanks for your hints. DNS, /etc/resolf.conf, /ets/hosts seem to be
correct. I'm able to do a kerberized ssh with a user from
subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE) But I'm
not able to do the same with a user from example.de (user1 at EXAMPLE.DE).
--
Regards,
Andreas
Am 01.11.2017 um 10:51 schrieb L.P.H. van Belle via samba:
> I can suggest a few
2001 Mar 20
1
Kerberos v5 and GSSAPI support in OpenSSH
An updated version of my patch for Kerberos v5 support is now available
from
http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch
This patch includes updated Kerberos v5 support for protocol version 1,
and also adds GSSAPI support for protocol version 2.
Unlike the Kerberos v5 code (which will still not interoperate with
ssh.com clients and servers), the GSSAPI support is based on
2009 May 23
7
[Bug 1601] New: Memory leak caused by forwarded GSSAPI credential store
https://bugzilla.mindrot.org/show_bug.cgi?id=1601
Summary: Memory leak caused by forwarded GSSAPI credential
store
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at
2005 Sep 01
0
Announce: OpenSSH 4.2 released
OpenSSH 4.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support of the project, especially those who contributed source,
reported bugs, tested
2005 Sep 01
0
Announce: OpenSSH 4.2 released
OpenSSH 4.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support of the project, especially those who contributed source,
reported bugs, tested
2011 Jul 28
1
intermittent problems obtaining shell with gssapi-with-mic
Hi,
I am seeing a rather strange issue with openssh-5.3p1 (both client and
server) under scientific linux 6. The systems in question are set up
to authenticate against a Kerberos server. ssh'ing between machines
works fine 99% of the time with the gssapi-with-mic method. But on
occasion an ssh session will fail to spawn a sheel for the user after
authentication. An example -vvv output in this
2008 Apr 04
0
GSSAPI Key Exchange Patch for OpenSSH 5.0p1 (plus an added extra)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It's that time again! There's been another OpenSSH release, and once
again, I'm pleased to announce the availability of my GSSAPI Key
Exchange patch for it.
Whilst OpenSSH contains support for GSSAPI user authentication, this
still relies upon SSH host keys to authenticate the server to the
user. For sites with a deployed Kerberos
2003 Oct 30
3
[Bug 751] KRB5CCNAME set incorrectly in GSSAPI code
http://bugzilla.mindrot.org/show_bug.cgi?id=751
Summary: KRB5CCNAME set incorrectly in GSSAPI code
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: openssh-bugs at mindrot.org