Kerberized authentication with SecureCRT 4.1.8

Sam Hartman hartmans at MIT.EDU
Fri Oct 1 13:46:06 EDT 2004


>>>>> "Douglas" == Douglas E Engert <deengert at anl.gov> writes:

    Douglas> rachel elizabeth dillon wrote:

    >> I have an existing MIT Kerberos realm with Kerberized SSH
    >> logins over GSSAPI using method external-keyx. I want to be
    >> able to connect to this realm from a Windows machine. The owner
    >> of the realm has a SecureCRT license, so I started there. With
    >> MIT KfW 2.6.5 installed on the machine (which is running
    >> Windows 2003), I am able to make a connection which gets me a
    >> host ticket and the pre-login banner but then fails with an
    >> error of "GSSAPI authentication with the server could not be
    >> completed." Running an sshd -d -d -d on the server machine, I
    >> see that it tries to connect first with method "none," which
    >> tries to use PAM and fails (PAM is not configured on this
    >> server past the defaults), and then tries to use method
    >> "gssapi," which fails as follows:
    >> 

    Douglas> It should work, I have used SecureCRT-4.1.3 with KfW to
    Douglas> OpenSSH sshd versions 3.1, through 3.9. Note that the
    Douglas> gssapi code was changed to gssapi-with-mic as there was a
    Douglas> security problem. SecureCRT should work with either.

I believe Rachel is running into a bug in my Debian packages.  I think
I understand what's going on.  I managed to misapply part of Simon's
3.6 patches such that the Debian server cannot deal with a
properly-encoded OID.



More information about the Kerberos mailing list