
Re: Problem with OpenSSH



David Wolfskill wrote:
> On Wed, Aug 01, 2007 at 06:10:06PM +0200, Antoine MILLET wrote:
>   
>> Actually I'm using FreeBSD 5.5 under 1000 computers (EPITA / EPITECH, 
>> French Computer School).
>>
>> Before July we ran NetBSD / NFS and now we've moved to FreeBSD / AFS.
>>
>> I've a problem with OpenSSH / Heimdal / Arla
>>
>> - GDM runs perfectly with my krb5.conf, and I get kerberos ticket and 
>> afs tokens (I had an "afslog" in GDM's Xsession script).
>> - KINIT works perfectly with my krb5.conf, and I get kerberos ticket and 
>> afs tokens without any problem by running `kinit USERNAME`
>> *but*
>> OpenSSH doesn't log users in without a keytab containing the host 
>> principal... Without this keytab I can log on the host.
>> I configure OpenSSH 4.6 with : ./configure --prefix=/usr 
>>     
>
> Err... you're not using the OpenSSH included as part of FreeBSD, then?
>
>   
I tried to build OpenSSH directly from src because OpenSSH in 
ports doesn't run with kerberos...
>> --sysconfdir=/etc/ssh --with-ssl-engine --with-pam 
>> --with-kerberos5=/usr/local/heimdal
>> I configure Heimdal 0.8 with : ./configure --prefix=/usr/local/heimdal 
>> --sysconfdir=/etc/heimdal --without-ipv6 --with-x
>> I configure Arla 0.43 with : ./configure --prefix=/usr/local/arla 
>> --sysconfdir=/etc/arla --with-x --with-sys=/usr/src/sys 
>> --with-krb5=/usr/local/heimdal 
>> --with-krb5-include=/usr/local/heimdal/include 
>> --with-krb5-lib=/usr/local/heimdal/lib
>>
>> I can't find a good solution... Normally Kerberos is one login and after 
>> use ticket, but actually I need one keytab and multiple logins...
>>
>> Does anybody have an idea about that?
>>     
>
> The "stock" /etc/ssh/sshd_config has Kerberos (GSSAPI) authentication
> disabled; but if you're building your own OpenSSH, I suppose it depends
> on how you set things up.
>   
I tried with gssapi too, but same result..
> You'll want to be sure that the sshd being started is yours, rather than
> the one from FreeBSD.
>   
I'm sure :-)
> (And you might consider upgrading from 5.x.)
>   
Arla runs only on FreeBSD 5.5...