* [ISSUE] Kerberos 5 support for OpenSSH @ 2019-06-16 8:51 voidlinux-github 2019-06-16 8:52 ` voidlinux-github ` (3 more replies) 0 siblings, 4 replies; 5+ messages in thread From: voidlinux-github @ 2019-06-16 8:51 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 1843 bytes --] New issue by znwulf on void-packages repository https://github.com/void-linux/void-packages/issues/12486 Description: It appears OpenSSH is building without the '--with-kerberos5' flag rendering sshd unable to support Kerberos authentication. sshd fails config parsing tests raising 'unsupported option' errors and does not enable kerberos authentication support when restarted. ### System * xuname: Void 4.19.50_1 x86_64 GenuineIntel/KVM uptodate rFF * package: openssh 8.0p1 r2 ### Expected behavior Setting the following params in /etc/ssh/sshd_config: ``` # Kerberos options KerberosAuthentication yes KerberosOrLocalPasswd yes KerberosTicketCleanup yes # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes ``` Should pass sshd's config parsing: ``` [root@kerberos-1]# sshd -t [root@kerberos-1]# ``` ### Actual behavior sshd config test fails with unsupported options: ``` [root@kerberos-1]# sshd -T /etc/ssh/sshd_config line 52: Unsupported option KerberosAuthentication /etc/ssh/sshd_config line 53: Unsupported option KerberosOrLocalPasswd /etc/ssh/sshd_config line 54: Unsupported option KerberosTicketCleanup /etc/ssh/sshd_config line 58: Unsupported option GSSAPIAuthentication /etc/ssh/sshd_config line 59: Unsupported option GSSAPICleanupCredentials reprocess config line 52: Unsupported option KerberosAuthentication reprocess config line 58: Unsupported option GSSAPIAuthentication ... ``` ### Steps to reproduce the behavior Enable the following params in /etc/ssh/sshd_config: ``` # Kerberos options KerberosAuthentication yes KerberosOrLocalPasswd yes KerberosTicketCleanup yes # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes ``` Run the sshd config parse test: ``` [root@kerberos-1]# sshd -T [root@kerberos-1]# ``` ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Kerberos 5 support for OpenSSH 2019-06-16 8:51 [ISSUE] Kerberos 5 support for OpenSSH voidlinux-github @ 2019-06-16 8:52 ` voidlinux-github 2019-06-16 14:24 ` voidlinux-github ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: voidlinux-github @ 2019-06-16 8:52 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 227 bytes --] New comment by znwulf on void-packages repository https://github.com/void-linux/void-packages/issues/12486#issuecomment-502433529 Comment: I believe this is just a change to the build options for the package. CC'ing @xtraeme ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Kerberos 5 support for OpenSSH 2019-06-16 8:51 [ISSUE] Kerberos 5 support for OpenSSH voidlinux-github 2019-06-16 8:52 ` voidlinux-github @ 2019-06-16 14:24 ` voidlinux-github 2019-06-17 14:40 ` voidlinux-github 2019-06-17 14:40 ` [ISSUE] [CLOSED] " voidlinux-github 3 siblings, 0 replies; 5+ messages in thread From: voidlinux-github @ 2019-06-16 14:24 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 428 bytes --] New comment by steinex on void-packages repository https://github.com/void-linux/void-packages/issues/12486#issuecomment-502456864 Comment: The template already has support for this via the "gssapi" build option. It's just not the default because upstream doesn't build with Kerberos support per default either. So you can just build your own Kerberos-enabled OpenSSH package via `./xbps-src pkg -o gssapi openssh`. HTH. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Kerberos 5 support for OpenSSH 2019-06-16 8:51 [ISSUE] Kerberos 5 support for OpenSSH voidlinux-github 2019-06-16 8:52 ` voidlinux-github 2019-06-16 14:24 ` voidlinux-github @ 2019-06-17 14:40 ` voidlinux-github 2019-06-17 14:40 ` [ISSUE] [CLOSED] " voidlinux-github 3 siblings, 0 replies; 5+ messages in thread From: voidlinux-github @ 2019-06-17 14:40 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 488 bytes --] New comment by xtraeme on void-packages repository https://github.com/void-linux/void-packages/issues/12486#issuecomment-502711412 Comment: Yeah, it's disabled by default because I didn't think it's needed commonly. You can still build your own openssh and set it to `hold` or `repolock` modes to always keep it: ``` $ ./xbps-src -o gssapi pkg openssh # xbps-install --repository=hostdir/binpkgs -yvf openssh # xbps-pkgdb -m hold|repolock openssh ``` Thanks for the report! ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ISSUE] [CLOSED] Kerberos 5 support for OpenSSH 2019-06-16 8:51 [ISSUE] Kerberos 5 support for OpenSSH voidlinux-github ` (2 preceding siblings ...) 2019-06-17 14:40 ` voidlinux-github @ 2019-06-17 14:40 ` voidlinux-github 3 siblings, 0 replies; 5+ messages in thread From: voidlinux-github @ 2019-06-17 14:40 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 1846 bytes --] Closed issue by znwulf on void-packages repository https://github.com/void-linux/void-packages/issues/12486 Description: It appears OpenSSH is building without the '--with-kerberos5' flag rendering sshd unable to support Kerberos authentication. sshd fails config parsing tests raising 'unsupported option' errors and does not enable kerberos authentication support when restarted. ### System * xuname: Void 4.19.50_1 x86_64 GenuineIntel/KVM uptodate rFF * package: openssh 8.0p1 r2 ### Expected behavior Setting the following params in /etc/ssh/sshd_config: ``` # Kerberos options KerberosAuthentication yes KerberosOrLocalPasswd yes KerberosTicketCleanup yes # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes ``` Should pass sshd's config parsing: ``` [root@kerberos-1]# sshd -t [root@kerberos-1]# ``` ### Actual behavior sshd config test fails with unsupported options: ``` [root@kerberos-1]# sshd -T /etc/ssh/sshd_config line 52: Unsupported option KerberosAuthentication /etc/ssh/sshd_config line 53: Unsupported option KerberosOrLocalPasswd /etc/ssh/sshd_config line 54: Unsupported option KerberosTicketCleanup /etc/ssh/sshd_config line 58: Unsupported option GSSAPIAuthentication /etc/ssh/sshd_config line 59: Unsupported option GSSAPICleanupCredentials reprocess config line 52: Unsupported option KerberosAuthentication reprocess config line 58: Unsupported option GSSAPIAuthentication ... ``` ### Steps to reproduce the behavior Enable the following params in /etc/ssh/sshd_config: ``` # Kerberos options KerberosAuthentication yes KerberosOrLocalPasswd yes KerberosTicketCleanup yes # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes ``` Run the sshd config parse test: ``` [root@kerberos-1]# sshd -T [root@kerberos-1]# ``` ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-06-17 14:40 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-06-16 8:51 [ISSUE] Kerberos 5 support for OpenSSH voidlinux-github 2019-06-16 8:52 ` voidlinux-github 2019-06-16 14:24 ` voidlinux-github 2019-06-17 14:40 ` voidlinux-github 2019-06-17 14:40 ` [ISSUE] [CLOSED] " voidlinux-github
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).