Password-less authentication with OpenSSH 3.6.1 and krb5/GSSAPI

Garrett Wollman wollman at
Fri Jun 27 23:28:23 EDT 2003

In article <1056765024.2901.19.camel at edmond>,
Kerry Thompson <kerry at> wrote:
>A few days ago someone posted a problem here where they couldn't get
>password-less authentication working properly with OpenSSH 3.6.1 patched
>with Simon Wilkinson's GSSAPI patch and compiled with krb5. I've deleted
>the messages out so I'm not sure who it was.

Works for me.  There were a few issues that I noted in updating the
FreeBSD port:

- Something tries very hard to screw up the -I, -L, and -rpath search
orders by putting /usr/{include,lib} first.

- The MIT Kerberos distribution generates broken ELF shared libraries
(they are missing an SONAME), which combines with the previous problem
to cause the application to link against conflicting libcom_err
libraries, which is not detected at either compile or run time.

I fixed the first problem by manually editing config.status to remove
the erroneous directives from the compilation command lines.  I fixed
the second problem by patching the krb5 port to generate the libraries


Garrett A. Wollman   | As the Constitution endures, persons in every
wollman at  | generation can invoke its principles in their own
Opinions not those of| search for greater freedom.
MIT, LCS, CRS, or NSA| - A. Kennedy, Lawrence v. Texas, 539 U.S. ___ (2003)

More information about the Kerberos mailing list