From owner-freebsd-stable  Wed May 23 12:16:23 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from shell1.nominum.com (shell1.nominum.com [204.152.187.163])
	by hub.freebsd.org (Postfix) with ESMTP id 291C037B424
	for <freebsd-stable@freebsd.org>; Wed, 23 May 2001 12:16:20 -0700 (PDT)
	(envelope-from Peter.Losher@nominum.com)
Received: by shell1.nominum.com (Postfix, from userid 10188)
	id ECD9022641; Wed, 23 May 2001 12:15:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by shell1.nominum.com (Postfix) with ESMTP
	id EA79220F01; Wed, 23 May 2001 12:15:29 -0700 (PDT)
Date: Wed, 23 May 2001 12:15:29 -0700 (PDT)
From: Peter Losher <Peter.Losher@nominum.com>
To: "Jacques A. Vidrine" <n@nectar.com>
Cc: Peter Losher <Peter.Losher@nominum.com>,
	<freebsd-stable@freebsd.org>
Subject: Re: OpenSSH and Krb5, FreeBSD style...
In-Reply-To: <20010523111132.B441@shade.nectar.com>
Message-ID: <Pine.NEB.4.33.0105231124500.9543-100000@shell1.nominum.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Wed, 23 May 2001, Jacques A. Vidrine wrote:

> On Wed, May 23, 2001 at 09:04:43AM -0700, Peter Losher wrote:
> > First off, it shouldn't be looking at /usr/lib for any Kerberos libraries,
> > it should be looking at /usr/local/krb5/lib as defined in configure.  I
> > will go ahead and take a look at the Makefiles for SSH2, but is there any
> > way to prevent this 'mis-lookup'?
>
> This is  a bug in  SSH2's configure/build mechanism.  Sounds  like the
> author  neglected  to be  sure  that  if  you  specify where  to  find
> libraries, that you  feed those paths to the linker  first.  It is not
> uncommon.  Fix it, and send patches back to the author.

Good news - I finally got the OpenSSH client to do Kerberos on my
4.3-RELEASE box (My problem was that I uncommented almost all of the
Kerberos options, when only KerberosAuthenication was needed/supported)
Ticket Authenication seems to work fine doing 'ssh -1', 'ssh -2' goes to
password auth.

Bad news, UW-IMAP suffers from the same linker problem <sigh>.  Also, SSHD
refuses to take any Krb5 authentication, tkt or password.  I installed
pam_krb5 from ports, replaced the commented out Krb4 line under sshd with
one for pam_krb5.so, and now sshd segfaults whenever you type in a Kerberos
password. <sigh>

The joys of debugging - Any ideas?

-Peter
-- 
Peter.Losher@nominum.com - [ Systems Admin. | Nominum, Inc. ]




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message