Github messages for voidlinux
* [ISSUE] Kerberos 5 support for OpenSSH
@ 2019-06-16  8:51 voidlinux-github
  2019-06-16  8:52 ` voidlinux-github
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: voidlinux-github @ 2019-06-16  8:51 UTC (permalink / raw)
  To: ml


New issue by znwulf on void-packages repository

https://github.com/void-linux/void-packages/issues/12486
Description: It appears OpenSSH is building without the '--with-kerberos5' flag, rendering sshd unable to support Kerberos authentication. sshd fails config parsing tests, raising 'unsupported option' errors, and does not enable Kerberos authentication support when restarted.

### System

* xuname:  Void 4.19.50_1 x86_64 GenuineIntel/KVM uptodate rFF
* package:  openssh 8.0p1 r2

### Expected behavior
Setting the following params in /etc/ssh/sshd_config:
```
# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
```

Should pass sshd's config parsing:
```
[root@kerberos-1]# sshd -t
[root@kerberos-1]#
```

### Actual behavior
sshd config test fails with unsupported options:
```
[root@kerberos-1]# sshd -T
/etc/ssh/sshd_config line 52: Unsupported option KerberosAuthentication
/etc/ssh/sshd_config line 53: Unsupported option KerberosOrLocalPasswd
/etc/ssh/sshd_config line 54: Unsupported option KerberosTicketCleanup
/etc/ssh/sshd_config line 58: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 59: Unsupported option GSSAPICleanupCredentials
reprocess config line 52: Unsupported option KerberosAuthentication
reprocess config line 58: Unsupported option GSSAPIAuthentication
...
```

### Steps to reproduce the behavior
Enable the following params in /etc/ssh/sshd_config:
```
# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
```

Run the sshd config parse test:
```
[root@kerberos-1]# sshd -T
[root@kerberos-1]#
```


* Re: Kerberos 5 support for OpenSSH
  2019-06-16  8:51 [ISSUE] Kerberos 5 support for OpenSSH voidlinux-github
@ 2019-06-16  8:52 ` voidlinux-github
  2019-06-16 14:24 ` voidlinux-github
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: voidlinux-github @ 2019-06-16  8:52 UTC (permalink / raw)
  To: ml


New comment by znwulf on void-packages repository

https://github.com/void-linux/void-packages/issues/12486#issuecomment-502433529
Comment:
I believe this is just a change to the build options for the package. CC'ing @xtraeme 


* Re: Kerberos 5 support for OpenSSH
  2019-06-16  8:51 [ISSUE] Kerberos 5 support for OpenSSH voidlinux-github
  2019-06-16  8:52 ` voidlinux-github
@ 2019-06-16 14:24 ` voidlinux-github
  2019-06-17 14:40 ` voidlinux-github
  2019-06-17 14:40 ` [ISSUE] [CLOSED] " voidlinux-github
  3 siblings, 0 replies; 5+ messages in thread
From: voidlinux-github @ 2019-06-16 14:24 UTC (permalink / raw)
  To: ml


New comment by steinex on void-packages repository

https://github.com/void-linux/void-packages/issues/12486#issuecomment-502456864
Comment:
The template already has support for this via the "gssapi" build option. It's just not the default because upstream doesn't build with Kerberos support per default either.

So you can just build your own Kerberos-enabled OpenSSH package via `./xbps-src pkg -o gssapi openssh`.

HTH.


* Re: Kerberos 5 support for OpenSSH
  2019-06-16  8:51 [ISSUE] Kerberos 5 support for OpenSSH voidlinux-github
  2019-06-16  8:52 ` voidlinux-github
  2019-06-16 14:24 ` voidlinux-github
@ 2019-06-17 14:40 ` voidlinux-github
  2019-06-17 14:40 ` [ISSUE] [CLOSED] " voidlinux-github
  3 siblings, 0 replies; 5+ messages in thread
From: voidlinux-github @ 2019-06-17 14:40 UTC (permalink / raw)
  To: ml


New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/12486#issuecomment-502711412
Comment:
Yeah, it's disabled by default because I didn't think it's needed commonly.

You can still build your own openssh and set it to `hold` or `repolock` modes to always keep it:

```
$ ./xbps-src -o gssapi pkg openssh
# xbps-install --repository=hostdir/binpkgs -yvf openssh
# xbps-pkgdb -m hold openssh    # or: xbps-pkgdb -m repolock openssh
```

Thanks for the report!

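A pre-deployment check for the symptom reported in this thread, as an added example that is not part of the original messages or of void-packages: it extracts the keywords an sshd build rejects and reports whether any are Kerberos/GSSAPI ones. The function names are hypothetical, and the sample input is constructed from the sshd output quoted in the issue.

```shell
#!/bin/sh
# Added example: detect an sshd build that rejects Kerberos/GSSAPI keywords.

# Constructed sample: the diagnostics quoted in the issue above.
SAMPLE_OUTPUT='/etc/ssh/sshd_config line 52: Unsupported option KerberosAuthentication
/etc/ssh/sshd_config line 53: Unsupported option KerberosOrLocalPasswd
/etc/ssh/sshd_config line 54: Unsupported option KerberosTicketCleanup
/etc/ssh/sshd_config line 58: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 59: Unsupported option GSSAPICleanupCredentials
reprocess config line 52: Unsupported option KerberosAuthentication
reprocess config line 58: Unsupported option GSSAPIAuthentication'

# Read sshd diagnostics on stdin and print "<config line> <keyword>" pairs.
# The "reprocess config" repeats collapse because line and keyword match.
unsupported_options() {
    sed -n 's/^.* line \([0-9][0-9]*\): Unsupported option \([A-Za-z0-9]*\).*$/\1 \2/p' |
        sort -u | sort -n
}

# Exit 0 if any rejected keyword starts with Kerberos or GSSAPI, which per
# the thread means the package was built without the "gssapi" build option.
lacks_gssapi_build() {
    unsupported_options |
        awk '$2 ~ /^(Kerberos|GSSAPI)/ { found = 1 } END { exit !found }'
}

# Run the same check against a live config (same sshd -T call as the issue).
# Not invoked here so the example also runs on hosts without sshd.
check_live_sshd() {
    sshd -T -f "${1:-/etc/ssh/sshd_config}" 2>&1 | lacks_gssapi_build
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | unsupported_options
if printf '%s\n' "$SAMPLE_OUTPUT" | lacks_gssapi_build; then
    echo "sshd rejects Kerberos/GSSAPI keywords: rebuild with -o gssapi"
fi
```

Running `check_live_sshd` before rolling out a Kerberos-enabled sshd_config catches hosts still on the default package, where the keywords are reported as unsupported and Kerberos authentication is not enabled.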

* Re: [ISSUE] [CLOSED] Kerberos 5 support for OpenSSH
  2019-06-16  8:51 [ISSUE] Kerberos 5 support for OpenSSH voidlinux-github
                   ` (2 preceding siblings ...)
  2019-06-17 14:40 ` voidlinux-github
@ 2019-06-17 14:40 ` voidlinux-github
  3 siblings, 0 replies; 5+ messages in thread
From: voidlinux-github @ 2019-06-17 14:40 UTC (permalink / raw)
  To: ml


Closed issue by znwulf on void-packages repository

https://github.com/void-linux/void-packages/issues/12486
