similar to: [Bug 2080] New: Add debug statements for gss_krb5_copy_ccache

Build attempts of the new ssh-openbsd-2003091700 distribution fail like this on OpenBSD 3.2: cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

http://bugzilla.mindrot.org/show_bug.cgi?id=1276 Summary: Link stage fails when gssapi exists Product: Portable OpenSSH Version: v4.5p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org ReportedBy: jengelh

The attached patch removes the duplicated credentials cache generation code in auth-krb5.c and gss-serv-krb5.c, by turning it into a procedure which is then called by both sections of code. It's against the latest portable CVS tree. Cheers, Simon. -------------- next part -------------- Index: auth-krb5.c =================================================================== RCS file:

http://bugzilla.mindrot.org/show_bug.cgi?id=1166 Summary: openssh-4.3p1 has some issues compiling Product: Portable OpenSSH Version: 4.3p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket at mindrot.org ReportedBy:

On 2016-10-11 11:03, Aki Tuomi wrote: > On 11.10.2016 11:56, Juha Koho wrote: >> >> On 2016-10-11 10:00, Aki Tuomi wrote: >>> On 11.10.2016 10:43, Juha Koho wrote: >>>> >>>> On 2016-10-11 09:18, Aki Tuomi wrote: >>>>> On 11.10.2016 10:13, Juha Koho wrote: >>>>>> Hello, >>>>>>

On 2016-10-11 10:00, Aki Tuomi wrote: > On 11.10.2016 10:43, Juha Koho wrote: >> >> On 2016-10-11 09:18, Aki Tuomi wrote: >>> On 11.10.2016 10:13, Juha Koho wrote: >>>> Hello, >>>> >>>> I have a Dovecot 2.2.25 set up with OpenLDAP back end. I was trying >>>> to >>>> set up a GSSAPI Kerberos authentication with

As far as I know this patch has no security implications -- I don't believe that allowing sshd to use get_local_name() (in canohost.c) on a connected socket to determine it's own fqdn will allow a malicious client (or router or dns server) to make it come to the wrong conclusion. But please let me know if you think I'm wrong. Please also let me know if you're just not interested

Hi John, The same smb and winbind configuration ( same SUSE box ) works good other Windows AD servers. "#wbinfo -u" and "#wbinfo -g" returns the users and groups respectively. Thanks for your great help !!! what is the difference between "#net rpc" and "#net ads" ?..if you have time, give some explanation.. Regards, Vivek On Mon, Nov 15, 2010 at 6:56

Hello, I have a Dovecot 2.2.25 set up with OpenLDAP back end. I was trying to set up a GSSAPI Kerberos authentication with the LDAP server but with little success. Seems no matter what I try I end up with the following error message: dovecot: auth: Error: LDAP: binding failed (dn (imap/host.example.com at EXAMPLE.COM)): Local error, SASL(-1): generic failure: GSSAPI Error: Unspecified GSS

On 2016-10-11 09:18, Aki Tuomi wrote: > On 11.10.2016 10:13, Juha Koho wrote: >> Hello, >> >> I have a Dovecot 2.2.25 set up with OpenLDAP back end. I was trying to >> set up a GSSAPI Kerberos authentication with the LDAP server but with >> little success. Seems no matter what I try I end up with the following >> error message: >> >> dovecot:

I am trying to join a samba server and have the keytab file set. After joining there was no keytab file so I ran the command: /usr/sfw/sbin/net ads keytab add host -d 10 This was the result: [2007/12/04 21:40:09, 5] lib/debug.c:(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0

Hi everybody, I've compiled samba 4.0.3 with gcc 4.4.4 on openindiana. But now I have a problem joining the domain.... /usr/local/samba/bin/net ads join -d 10 -U jvanthienen ... "ads_sasl_spnego_krb5_bind failed with: Miscellaneous failure (see text) : Did not find a plugin for ccache_ops, calling kinit" ... Is this ccache plugin really needed? Can I disable this and how ? any

Hi, I have tested winbind in samba-3.0.25-pre2 and encountered some problems. We have a working config with Linux samba-3.0.23d and W2k3 AD R2 rfc2307bis, but when I switch to 3.0.25 it stopped working. I am not quite familiar with the new configuration directives for idmap, but the old config did not work either with 3.0.25, so I tried to use the new ones. Is there apparent errors in my config

Hi All, For the past few months I've been running a SUSE 9.2 server here (mostly as an app server) which was a member of an AD domain (w2k3 domain controller.) I used winbind to enable domain members to log into the box, all was well. This week the w2k3 server had some MS security patches applied and suddenly logins became impossible, because winbind was unable to retrieve user info from the

Hi all, I have a situation in which my SAMBA 3.0.14a could not join the a very large windows 2003 AD domain with tens of domain controllers all over the world. With an error I have never seen before. The kinit part went OK but the net ads join part failed. What we tried is to have our SAMBA joined one of the OU in which we have the credentials to join. BTW we had no problem to join other

Both pc13267 and pc14113 run CentOS 5.5. On pc14113, my test user gets a home directory when logging in, but not on pc13267. But why? All logs below are from /var/log/messages. I have removed dates and stuff from the beginning of lines to make them more readable, and then grouped lines about the same thing from both machines. > pc13267 Using keytab file '/etc/krb5.keytab' >

Hello all, I'm having problems getting Samba to join a Windows AD. I am delegated OU admin, and have no direct access to the domain controller. We have 3 DCs in one domain where my OU exists. The users I wish to authenticate are in a different domain. I have set up Kerberos and can receive tickets correctly. I run net -d 4 ads join createcomputer=[Delegated OU] -U [account with join

I reproduced error WERR_DEFAULT_JOIN_REQUIRED in two scenarios: - user account that is used to join machine to domain is not part of Domain Admin group. - OU path for computer (specified in createcomputer) is invalid In both of those cases I'm getting detailed error messages: 'insufficient access' and 'invalid path' respectively but on customer site I'm always getting:

Hello all, As the subject says, as far as I can tell everything works on my ads integrated samba server. Domain accounts can be used for ssh, and accessing shares, I just can't leave the domain. Here is a successful join command followed by an unsuccessful leave command at debug level 4. Any ideas? TIA, Mark user@dordal:~$ sudo net ads join -U administrator@MYDOMAIN.COM -d 4 [2009/03/19