Password-less authentication with OpenSSH 3.6.1 and krb5/GSSAPI
Garrett Wollman
wollman at lcs.mit.edu
Fri Jun 27 23:28:23 EDT 2003
In article <1056765024.2901.19.camel at edmond>,
Kerry Thompson <kerry at crypt.gen.nz> wrote:
>A few days ago someone posted a problem here where they couldn't get
>password-less authentication working properly with OpenSSH 3.6.1 patched
>with Simon Wilkinson's GSSAPI patch and compiled with krb5. I've deleted
>the messages out so I'm not sure who it was.
Works for me. There were a few issues that I noted in updating the
FreeBSD port:
- Something tries very hard to screw up the -I, -L, and -rpath search
orders by putting /usr/{include,lib} first.
- The MIT Kerberos distribution generates broken ELF shared libraries
(they are missing an SONAME), which combines with the previous problem
to cause the application to link against conflicting libcom_err
libraries, which is not detected at either compile or run time.
I fixed the first problem by manually editing config.status to remove
the erroneous directives from the compilation command lines. I fixed
the second problem by patching the krb5 port to generate the libraries
correctly.
-GAWollman
--
Garrett A. Wollman | As the Constitution endures, persons in every
wollman at lcs.mit.edu | generation can invoke its principles in their own
Opinions not those of| search for greater freedom.
MIT, LCS, CRS, or NSA| - A. Kennedy, Lawrence v. Texas, 539 U.S. ___ (2003)
More information about the Kerberos
mailing list