similar to: [Bug 1927] authorized_credentials (aka authorized_keys for GSSAPI-MIC)

https://bugzilla.mindrot.org/show_bug.cgi?id=1927 Matthew N. Dodd <matthew.nygard.dodd at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|5.8p2 |-current -- You are receiving this mail because: You are watching the assignee of the bug.

http://bugzilla.mindrot.org/show_bug.cgi?id=1326 Summary: Allow non-public-key credentials in authorized_keys file (Kerberos, etc.) Product: Portable OpenSSH Version: 4.4p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Kerberos support

Gives GSSAPI-MIC the same options capability currently provided for public key logins by the AuthorizedKeysFile. Uses krb5_principal_match() to support widcard matches. Uses percent_expand() to expand tokens for: credential USER[/INSTANCE]@REALM homedir /home/user username user cred name USER cred instance INSTANCE cred realm REALM My intended application: # cat

Upgrading to the 3.8.x versions of OpenSSH appears to have broken support for Win2K KDC's. Win2K supports gssapi just fine, but the new gssapi-with-mic does not appear to work. I was able to use the old 3.6.x versions with Kerberos authentication, and the newer 3.7.x versions with gssapi authentication, but 3.8.x does not seem to work at all. The mitm patch provided for 3.8p1 does work, but

http://bugzilla.mindrot.org/show_bug.cgi?id=1100 Summary: GSSAPI-with-mic doesn't handle empty usernames Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy:

https://bugzilla.mindrot.org/show_bug.cgi?id=2204 Bug ID: 2204 Summary: gssapi-with-mic and UsePrivilegeSeparation sandbox Product: Portable OpenSSH Version: 6.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: Kerberos support Assignee:

I think I had better update akk the kerberos and gssapi to the latest? Please advise. Thanks Tedc ssh -vvv admin at geronimo.creedon.biz <<<<<<<<snip>>>>>>>>> debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /root/.ssh/identity ((nil)) debug2: key: /root/.ssh/id_rsa (0x568da0) debug2: key:

Would it be possible for one of the developers to look at the following Bugzilla entries, and, if suitable, apply the patches attached to each bug? http://bugzilla.mindrot.org/show_bug.cgi?id=1220 Fix error messages for multiple mechanism GSSAPI libraries http://bugzilla.mindrot.org/show_bug.cgi?id=1225 Tidy up GSSAPI code http://bugzilla.mindrot.org/show_bug.cgi?id=928 Kerberos/GSSAPI

http://bugzilla.mindrot.org/show_bug.cgi?id=1100 ------- Comment #2 from jbasney at ncsa.uiuc.edu 2006-11-15 11:17 ------- Created an attachment (id=1207) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1207&action=view) patch to support empty usernames with gssapi-with-mic This patch (against CVS tag V_4_5_P1) works for me. Hope it's useful. ------- You are receiving

https://bugzilla.mindrot.org/show_bug.cgi?id=2445 Bug ID: 2445 Summary: Fix gssapi-with-mic support when is set to PermitRootLogin without-password Product: Portable OpenSSH Version: 7.0p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: sshd

http://bugzilla.mindrot.org/show_bug.cgi?id=1100 jbasney at ncsa.uiuc.edu changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jbasney at ncsa.uiuc.edu ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching

Hi, I am seeing a rather strange issue with openssh-5.3p1 (both client and server) under scientific linux 6. The systems in question are set up to authenticate against a Kerberos server. ssh'ing between machines works fine 99% of the time with the gssapi-with-mic method. But on occasion an ssh session will fail to spawn a sheel for the user after authentication. An example -vvv output in this

https://bugzilla.mindrot.org/show_bug.cgi?id=2456 Bug ID: 2456 Summary: gssapi-keyex blocked by PermitRootLogin=without-password Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd

Hello All, I noticed some different behaviour of GSSAPI Authentication mechanism in SSH and like to know the reasons for such behaviour. If I try GSSAPI auth for a user whose principal is not stored in KDC, the GSSAPI auth method is tried 2 times and it fails. If the user is stored in KDC and not having valid credentials, then SSHD tries GSSAPI one time and fails. The interesting part of

Hello, I'm trying to find clues on what may have changed for GSSAPI (Kerberos) authentication between OpenSSH 5.1p1 and 5.2p1. We have been using GSSAPI authentication for ssh for about 18 months with no problem with the OpenSSH build that is bundled with the FreeBSD operating system. All of those machines have OpenSSH 5.1p1. Last week I upgraded one of the servers to FreeBSD 8.0-BETA1

I'm trying to troubleshoot gssapi_with_mic authentication with OpenSSH 5.2p1 on FreeBSD 8.0. If I run sshd with maximum debug "sshd -ddd" the most detail I get is: GSSAPI MIC check failed That comes from line 282 in auth2-gss.c 279 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) 280 authenticated =

Hey all, perhaps someone might be able to shed a little light on this problem. Nothing I find in books and groups seem to address the problem. I'm trying to set up a series of connections with ssh that authenticate through GSSAPI. However, it seems that the credentials are not getting passed. >From the client.. debug1: Next authentication method: gssapi-with-mic debug2: we sent a

I'm trying to get gssapi-with-mic to work but the enabled field in the method struct is disabled I.e. The gssapi-with-mic enable field s not enabled in in the *method struct; it fails at: if (authmethod_is_enabled(method)) in the authmethod_is_enabled(method) function call using ddd , OpenSSH 5.2.p1, Linux 2.6.22.5-31 (SuSE 10.2) Questiion - what enables gssapi-with-mic? Thanks tedc

Dear developers, to my previous post I have some additional info. I just erased all the krb5 data and set it up from scratch. Now the message in sshd debug changed to: debug1: Miscellaneous failure (see text) Decrypt integrity check failed debug1: Got no client credentials Failed gssapi-with-mic for komanek .... So it seems the problem is somewhere in the kerberos, not in openssh. Is here

Hi, I am doing some kerberos testing with samba4 using ssh. I have setup samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and active directory seems to be working both with Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults]