From owner-freebsd-ports@FreeBSD.ORG Tue Feb 26 18:16:52 2008 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C1A80106566B; Tue, 26 Feb 2008 18:16:52 +0000 (UTC) (envelope-from stefan.lambrev@moneybookers.com) Received: from blah.sun-fish.com (blah.sun-fish.com [217.18.249.150]) by mx1.freebsd.org (Postfix) with ESMTP id 7682A13C45B; Tue, 26 Feb 2008 18:16:52 +0000 (UTC) (envelope-from stefan.lambrev@moneybookers.com) Received: by blah.sun-fish.com (Postfix, from userid 1002) id E0A081B10F2B; Tue, 26 Feb 2008 18:59:57 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on blah.cmotd.com X-Spam-Level: X-Spam-Status: No, score=-8.3 required=5.0 tests=ALL_TRUSTED,BAYES_00, MANGLED_PILL autolearn=no version=3.2.3 Received: from hater.haters.org (hater.cmotd.com [192.168.3.125]) by blah.sun-fish.com (Postfix) with ESMTP id F41BD1B10EF8; Tue, 26 Feb 2008 18:59:51 +0100 (CET) Message-ID: <47C45397.5090104@moneybookers.com> Date: Tue, 26 Feb 2008 19:59:51 +0200 From: Stefan Lambrev User-Agent: Thunderbird 2.0.0.9 (X11/20080212) MIME-Version: 1.0 To: ports@freebsd.org, shaun@FreeBSD.org, mnag@FreeBSD.org Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.91.2/6003/Tue Feb 26 12:34:31 2008 on blah.cmotd.com X-Virus-Status: Clean Cc: Subject: security/heimdal & openssh-portable problems X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2008 18:16:52 -0000 Greetings, As described here: http://www.mail-archive.com/freebsd-ports@freebsd.org/msg10808.html upgrading heimdal break kauth (and openssh-portable). If I replace /usr/lib/libasn1.so.8 with /usr/local/lib/libasn1.so.8 ssh partly works, but gssapi-with-mic is still broken and I cannot login anymore. Here is some debug info from ssh -vvvv: debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive This worked with older heimdal without problems: debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentication succeeded (gssapi-with-mic). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 I'm using FreeBSD 7.0-RC1 i386, openssh-gssapi-4.7.p1_1,1 & heimdal-1.0.1 Openssh is compiled with KRB5_HOME=/usr/local/ (but removing it doesn't help except that I can build ssh) Any ideas how to get gssapi-keyex working again ? or should I just downgrade heimdal to 0.7.2_2? Btw it will be nice if the base ssh in FreeBSD 7 works with gssapi-with-mic too :) -- Best Wishes, Stefan Lambrev ICQ# 24134177