Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

gssapi-with-mic and krb5 MIT problems

from [Brendan Bank] Network Security [Permanent Link]
Subject: gssapi-with-mic and krb5 MIT problems
Date: Thu, 07 Oct 2004 23:02:16 +0200 
Hi,

I have a MIT KDC(running 1.3) and I'm trying to get openssl with gssapi working. It used to work for us very well under earlier version of openssh but now it fails. And I'm realy not sure why. 

I've tried to compile openssh with Heimdal but that failed completely with the 
error:

Oct  7 22:28:48 srv1 sshd[37521]: fatal: Couldn't convert client name

Tried to compile with OpenSSH 3.8 with the Dia

Below is part of a logfile which is a server running OpenSSH 3.9p1 compiled 
with the krb5 libs from MIT version 1.3.4

Client side:

debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: 
publickey,gssapi-with-mic,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey

Server side:

Oct  7 22:37:47 srv1 sshd[50072]: debug3: Trying to reverse map address a.b.c.d.
Oct  7 22:37:47 srv1 sshd[50072]: debug1: userauth-request for user brendan 
service ssh-connection method none
Oct  7 22:37:47 srv1 sshd[50072]: debug1: attempt 0 failures 0
Oct  7 22:37:47 srv1 sshd[50072]: debug2: input_userauth_request: setting up 
authctxt for brendan
Oct  7 22:37:47 srv1 sshd[50072]: debug2: input_userauth_request: try method 
none
Oct  7 22:37:47 srv1 sshd[50072]: Failed none for brendan from a.b.c.d port 
2786 ssh2
Oct  7 22:37:47 srv1 sshd[50072]: debug1: userauth-request for user brendan 
service ssh-connection method gssapi-with-mic
Oct  7 22:37:47 srv1 sshd[50072]: debug1: attempt 1 failures 1
Oct  7 22:37:47 srv1 sshd[50072]: debug2: input_userauth_request: try method 
gssapi-with-mic
Oct  7 22:37:47 srv1 sshd[50072]: debug1: \n\n
Oct  7 22:37:47 srv1 sshd[50072]: Failed gssapi-with-mic for brendan from 
a.b.c.d port 2786 ssh2
Oct  7 22:37:47 srv1 sshd[50072]: debug1: userauth-request for user brendan 
service ssh-connection method keyboard-interactive
Oct  7 22:37:47 srv1 sshd[50072]: debug1: attempt 2 failures 2

openssh is complied with :

./configure --prefix=/usr/local/openssh --with-md5-passwords --with-pam 
--with-tcp-wrappers --disable-suid-ssh --with-kerberos5=/usr/local/krb5 
--sysconfdir=/usr/local/openssh/etc/ssh --with-privsep-path=/var/empty 
--without-rpath --with-ssl-dir=/usr --prefix=/usr/local/openssh 
i386-portbld-freebsd4.10

Can someone give me some advice how to make openssh/gssapi and MIT krb5 working 
again?

Many thanks,

- Brendan

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • gssapi-with-mic and krb5 MIT problems, Brendan Bank <=
Previous by Date:  Re: ssh processes lingering after scp, Darren Tucker
Next by Date:  Re: How to verify Privilege Separation is working?, Philip Le Riche
Previous by Thread:  ssh processes lingering after scp, Susan McConnell
Next by Thread:  Re: How to verify Privilege Separation is working?, Philip Le Riche
Indexes:  [Date] [Thread] [Top] [All Lists]