Re: Problem with OpenSSH
David Wolfskill wrote:
> On Wed, Aug 01, 2007 at 06:10:06PM +0200, Antoine MILLET wrote:
>> Actually I'm using FreeBSD 5.5 under 1000 computers (EPITA / EPITECH,
>> French Computer School).
>> Before July we ran NetBSD / NFS and now we've moved to FreeBSD / AFS.
>> I've a problem with OpenSSH / Heimdal / Arla
>> - GDM runs perfectly with my krb5.conf, and I get kerberos ticket and
>> afs tokens (I had an "afslog" in GDM's Xsession script).
>> - KINIT works perfectly with my krb5.conf, and I get kerberos ticket and
>> afs tokens without any problem by running `kinit USERNAME`
>> OpenSSH doesn't log users without a keytab containing the host
>> principal... Without this keytab I can log on the host.
>> I configure OpenSSH 4.6 with : ./configure --prefix=/usr
> Err... you're not using the OpenSSH included as part of FreeBSD, then?
I tried to build OpenSSH directly from src because OpenSSH in
ports doesn't run with kerberos...
>> --sysconfdir=/etc/ssh --with-ssl-engine --with-pam
>> I configure Heimdal 0.8 with : ./configure --prefix=/usr/local/heimdal
>> --sysconfdir=/etc/heimdal --without-ipv6 --with-x
>> I configure Arla 0.43 with : ./configure --prefix=/usr/local/arla
>> --sysconfdir=/etc/arla --with-x --with-sys=/usr/src/sys
>> I can't find a good solution... Normally Kerberos is one login and after
>> use ticket, but actually I need one keytab and multiple logins...
>> Does anybody have an idea about that?
> The "stock" /etc/ssh/sshd_config has Kerberos (GSSAPI) authentication
> disabled; but if you're building your own OpenSSH, I suppose it depends
> on how you set things up.
I tried with gssapi too, but same result..
> You'll want to be sure that the sshd being started is yours, rather than
> the one from FreeBSD.
I'm sure :-)
> (And you might consider upgrading from 5.x.)
Arla runs only on FreeBSD 5.5...