similar to: [Bug 2121] New: Enable runtime loading of GSSAPI libraries

https://bugzilla.mindrot.org/show_bug.cgi?id=2104 Bug ID: 2104 Summary: Windows/win32/mingw support Classification: Unclassified Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous

http://bugzilla.mindrot.org/show_bug.cgi?id=1220 Summary: Fix error messages for multiple mechanism GSSAPI libraries Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1416 Summary: Enable GSSAPI by default on Mac OS X Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket

https://bugzilla.mindrot.org/show_bug.cgi?id=1970 Bug #: 1970 Summary: GSSAPI mechanisms will be disabled because the following shared libraries could not be loaded: /usr/local/lib/libgssapi_krb5.so Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All

https://bugzilla.mindrot.org/show_bug.cgi?id=2456 Bug ID: 2456 Summary: gssapi-keyex blocked by PermitRootLogin=without-password Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd

I'm trying to get gssapi-with-mic to work but the enabled field in the method struct is disabled I.e. The gssapi-with-mic enable field s not enabled in in the *method struct; it fails at: if (authmethod_is_enabled(method)) in the authmethod_is_enabled(method) function call using ddd , OpenSSH 5.2.p1, Linux 2.6.22.5-31 (SuSE 10.2) Questiion - what enables gssapi-with-mic? Thanks tedc

https://bugzilla.mindrot.org/show_bug.cgi?id=2553 Bug ID: 2553 Summary: 7.2p2 on server breaks GSSAPI with older clients Product: Portable OpenSSH Version: 7.2p1 Hardware: amd64 OS: Solaris Status: NEW Severity: normal Priority: P5 Component: Kerberos support Assignee:

FreeBSD has both <gssapi.h> and <gssapi/gssapi.h>, but the former is a wrapper that prints a warning before including the latter. This is a problem when building with -Werror. This patch reverses the order of preference so <gssapi/gssapi.h> wins over <gssapi.h>. Index: ssh-gss.h =================================================================== --- ssh-gss.h (revision

Hello All, I noticed some different behaviour of GSSAPI Authentication mechanism in SSH and like to know the reasons for such behaviour. If I try GSSAPI auth for a user whose principal is not stored in KDC, the GSSAPI auth method is tried 2 times and it fails. If the user is stored in KDC and not having valid credentials, then SSHD tries GSSAPI one time and fails. The interesting part of

Hello, I have a compile problem concerning samba-3.0.0 (final) with gssapi on a Solaris 9 machine. I don't know how to fix this, so any suggestions are welcome. Situation: We use LDAP to authenticate logins of a group of users, so I want to use this LDAP directory also from samba. (Openldap-2.1.22 was compiled with BerkeleyDB.4.1, heimdal-0.6 kerberos, and cyrus-sasl-2.1.13). After a

In pop3-login/client-authenticate.c, when sasl_server_auth_begin() is called, it does so with the service name of "POP3". GSSAPI uses this service name when obtaining its service credentials. The problem is that according to http://www.iana.org/assignments/gssapi-service-names , the service name should instead be simply "pop". This causes GSSAPI authentication to fail when

An updated version of my patch for Kerberos v5 support is now available from http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch This patch includes updated Kerberos v5 support for protocol version 1, and also adds GSSAPI support for protocol version 2. Unlike the Kerberos v5 code (which will still not interoperate with ssh.com clients and servers), the GSSAPI support is based on

http://bugzilla.mindrot.org/show_bug.cgi?id=958 Summary: patch to support GSI GSSAPI mechanism Product: Portable OpenSSH Version: 3.9p1 Platform: All URL: http://grid.ncsa.uiuc.edu/ssh/ OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Miscellaneous

Hi all, I've got a Dovecot v2.3.3 IMAP with GSSAPI auth set up. This server is in main domain, 'contoso.com'. I also have several subdomains. My problem is usernames with GSSAPI authentication: When I try to login as 'user' or as 'user at CONTOSO.COM' - everything works. But, 'user at contoso.com' auth fails. But when I try to login as subdomain user,

The 4.2 release notes describes the GSSAPI credential delegating issue as: SECURITY: sshd in OpenSSH versions prior to 4.2 allow GSSAPI credentials to be delegated to users who log in with methods other than GSSAPI authentication (e.g. public key) when the client requests it. This behaviour has been changed in OpenSSH 4.2 to only delegate credentials to users who

Somewhat belatedly, I'm pleased to announce the availability of my GSSAPI key exchange patches for OpenSSH 5.2p1. Apologies for the delay in getting these out, a honeymoon, followed by the pressure of work, made the first half of this year rather busy! Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the

From the better-late-than-never-department, I'm pleased to announce the availability of my GSSAPI Key Exchange patches for OpenSSH 5.3p1. This is a pretty minor maintenance release - it contains a couple of fixes to take into account changes to the underlying OpenSSH code, and a compilation fix for when GSSAPI isn't required. Thanks to Colin Wilson and Jim Basney for their bug reports.

Hello, I'm trying to find clues on what may have changed for GSSAPI (Kerberos) authentication between OpenSSH 5.1p1 and 5.2p1. We have been using GSSAPI authentication for ssh for about 18 months with no problem with the OpenSSH build that is bundled with the FreeBSD operating system. All of those machines have OpenSSH 5.1p1. Last week I upgraded one of the servers to FreeBSD 8.0-BETA1

Trying to compile 1.1rc8 from scratch on FreeBSD 6.3 as well as from the dovecot-devel port and I get an error when trying to include gssapi. gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-sql -I../../src/lib-settings -I../../src/lib-ntlm -I../../src/lib-otp -DAUTH_MODULE_DIR=\""/usr/local/lib/dovecot/auth"\"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's that time again! There's been another OpenSSH release, and once again, I'm pleased to announce the availability of my GSSAPI Key Exchange patch for it. Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the user. For sites with a deployed Kerberos