[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: incompatibility with solaris gssapi implementation?

On Sat, 12 Aug 2006 20:41:15 +0200
vadim <vadim.tarassov@swissonline.ch> wrote:

> Hi all,
> I am trying to ssh to solaris 10 box which runs sun's ssh with sun's 
> implementation of GSSAPI. As client I use openssh + heimdal 0.7.2. In the log 
> of the ssh daemon on solaris box I see following message:
> "Client offered gssapi userauth with { 1 3 6 1 5 5 2 } (unsupported)"
> At this moment all attempts to authenticate via gssapi-with-mic fail. Do you 
> know what is wrong? is SPNEGO. SPNEGO is a pseudo-mechanism used to
negotiate a real mechanism (e.g. Kerberos). SPNEGO is used primarily
for authenticating with Microsoft Windows servers. It's a little strange
that the client is even trying SPENGO because as the default mechanism
is Kerberos. I believe one would have to explicitly specify SPNEGO with
GSSAPI client routines to provide SPNEGO behavior. Perhaps there's a
config option that is set inappropriately.


Michael B Allen
PHP Active Directory SSO