Kerberos support in SSH
Marcus Watts
mdw at umich.edu
Tue Apr 30 03:33:30 EDT 2002
"Phil Camus" <philippe.camus at in-fusio.com> writes:
> I have my Solaris 5.8 systems running SSH-3.1.0. I've decided to install
> Kerberos 5-1.0.6. Both softwares work fine, and I've decided to make the
> final step : to compile SSH with kerberos support.
>
> Unfortunately, here is what I got :
>
> ./configure --prefix=/data/tools/admin/ssh
> --with-kerberos5=/krb5
> --with-libwrap=/usr/lib/libwrap.a --without-none
> --disable-group-writeability
>
> .........
> checking whether to use Kerberos... yes
> checking for gethostbyname in -lresolv... (cached) yes
> checking for com_err in -lcom_err... (cached) yes
> checking for krb5_decrypt in -lk5crypto... (cached) no
> checking for krb5_auth_con_init in -lkrb5... (cached) no
> No Kerberos5 installed - support disabled.
> .........
>
> The krb5 directory includes the lib and include directories, and the
> binaries. I've looked for a while on the internet, but I coudn't find
> anything. Any help would be welcome !
When autoconf configure fails to find something that you think
it should find, the *first* place you should look is in config.log .
That file contains a log of what it tried to do, including the cc line,
test program, and error message(s). Here's a sample of the sort
of thing you might see (you won't see exactly this, because this came
out of a mutant copy of k5):
configure:1863: checking where struct rpcent is declared
configure:1874: cc -c -g -O2 -mv8 -DKRB5_RC6_SUPPORT -DKRB5_CAST_SUPPORT -DKRB5_NO_DES_SUPPORT -DKRB5_ECEKE_SUPPORT -I$(BUILDTOP)/include -I$(SRCTOP)/include -I$(BUILDTOP)/include/krb5 -I$(SRCTOP)/include/krb5 conftest.c 1>&5
configure: In function `main':
configure:1868: storage size of `e' isn't known
configure: failed program was:
#line 1865 "configure"
#include "confdefs.h"
#include <netdb.h>
int main() {
struct rpcent e;
char c = e.r_name[0];
int i = e.r_number;
; return 0; }
configure:1908: checking size of int
configure:1949: checking size of long
With some software packages (particularly K5 itself) there may be
multiple config.log files scattered through your target hierarchy.
So far as fixing your problem goes, assuming your k5 installation isn't
broken, you'll probably have to correspond with the ssh folks, not with
the kerberos mailing list; the people here probably aren't related to
whomever maintains SSH-3.1.0. People here can help you find problems
inside of kerberos, or understand interface issues using kerberos.
That might include interpreting the compile line & error message
you find in config.log, for instance, if it's not obvious to you.
People there can help you with ssh configuration and compile issues,
and may appreciate feedback that would help them improve their
distribution so that other people won't run into your problem.
Perhaps that might include telling you to look inside of config.log for
error messages (don't the installation notes already say that?)
They may also require a particular version of K5. I believe K5 1.0.6
is pretty old now, and 1.2 has significant improvements. If your
version of ssh uses openssl, for instance, you are very likely going
to need K5 1.2+.
-Marcus Watts
UM ITCS Umich Systems Group
More information about the Kerberos
mailing list