[19486] in Kerberos


Password-less authentication with OpenSSH 3.6.1 and krb5/GSSAPI

daemon@ATHENA.MIT.EDU (Kerry Thompson)
Fri Jun 27 22:00:10 2003

From: Kerry Thompson <kerry@crypt.gen.nz>
To: kerberos@mit.edu
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: 28 Jun 2003 13:50:24 +1200
Message-Id: <1056765024.2901.19.camel@edmond>
Mime-Version: 1.0
Errors-To: kerberos-bounces@mit.edu

A few days ago someone posted a problem here where they couldn't get
password-less authentication working properly with OpenSSH 3.6.1 patched
with Simon Wilkinson's GSSAPI patch and compiled with krb5. I've deleted
the messages out so I'm not sure who it was.

I've since run into the same problem; it seems that OpenSSH with Simon's
patch doesn't enable GSSAPI properly when built out of the box. Maybe a
problem with the patched ./configure or configure.ac or autoconf or
something. You can quickly check the status by running 'grep -i gssapi
Makefile' and seeing if you've got the GSSAPI stuff being linked into
the OpenSSH build or not.

I found that after applying Simon's patch, I had to run the OpenSSH
configure like this:

    ./configure --with-kerberos5=<path_to_MITkrb5_installed_src> \
        --with-cppflags="-DGSSAPI -I/usr/local/include/gssapi" \
        --with-libs="-lgssapi_krb5"

and this builds a good OpenSSH with GSSAPI that does not prompt for
passwords between systems (tested on two RedHat Linux boxes and MIT
krb5 1.2.8).


Kerry



________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
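
The 'grep -i gssapi Makefile' check from the message, turned into a pass/fail test. This is an added example, not part of the original post or of the OpenSSH/GSSAPI patch; the function name is hypothetical, and it assumes the generated Makefile records the configure results on lines starting with CPPFLAGS= and LIBS=.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumption: configure writes its results to lines that start with
# CPPFLAGS= and LIBS= in the generated Makefile.

# check_gssapi_makefile FILE   (hypothetical helper name)
# Returns 0 when FILE shows both the -DGSSAPI define and the
# -lgssapi_krb5 library from the configure line in the message,
# 1 when either is missing, 2 when FILE cannot be read.
check_gssapi_makefile() {
    mf=$1
    if [ ! -r "$mf" ]; then
        echo "cannot read $mf" >&2
        return 2
    fi
    status=0
    # -e is required because the patterns begin with a dash.
    if ! grep '^CPPFLAGS[[:space:]]*=' "$mf" | grep -q -e '-DGSSAPI'; then
        echo "$mf: -DGSSAPI missing from CPPFLAGS"
        status=1
    fi
    if ! grep '^LIBS[[:space:]]*=' "$mf" | grep -q -e '-lgssapi_krb5'; then
        echo "$mf: -lgssapi_krb5 missing from LIBS"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "$mf: GSSAPI define and library present"
    fi
    return "$status"
}

# Constructed sample: a Makefile fragment with no GSSAPI settings.
sample=$(mktemp)
printf 'CPPFLAGS=-I. -I$(srcdir)\nLIBS=-lcrypto -lz\n' > "$sample"
check_gssapi_makefile "$sample" ||
    echo "re-run configure with the flags from the message"
rm -f "$sample"
```

A non-zero result before 'make' means the resulting sshd will not offer GSSAPI and clients will fall back to password prompts.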
