Hi Sam,
I'm sorry for my delayed reply. My mailbox is a mess.
The mech_eap.so file exists at /usr/lib64/gss.
The content of the /etc/gss/mech file looks exactely like the example.
We use the standard Kerberos libraries.
We compiled the openssh client/server using the moonshot.git. We
configured openssh using:
./configure --prefix=/opt/moonshot/openssh --with-kerberos5 --with-pam
(like the Wiki @Janet).
Am I missing something? The rest of the packages are installed using the
new RPMs (using yum install moonshot-gss-eap).
Koen
On 29/4/13 4:32 PM, Sam Hartman wrote:
> Hi.
> It doesn't look like Moonshot was tried at all.
> The GSS errors you are getting are all Kerberos-related.
> There's no evidence it tried Moonshot at all.
>
> Did you use the native Kerberos libraries?
>
> If so, what is the contents of your /etc/gss/mech file?
> It should include the moonshot mechanism.
> Something like
>
> eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so
> eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so
>
>
> and the mech_eap.so should be in /usr/lib64/gss and/or /usr/lib/gss
> depending on architecture (x86_64 vs 686).
> Note that where mech_eap.so gets installed depends on the --libdir
> setting of your configure line and /etc/gss/mech requires manual
> handling.
>
> --Sam
>
|