> Hi Sam, > > I'm sorry for my delayed reply. My mailbox is a mess. > The mech_eap.so file exists at /usr/lib64/gss. > The content of the /etc/gss/mech file looks exactely like the example. > We use the standard Kerberos libraries. > > We compiled the openssh client/server using the moonshot.git. We > configured openssh using: > > ./configure --prefix=/opt/moonshot/openssh --with-kerberos5 --with-pam > (like the Wiki @Janet). > Am I missing something? The rest of the packages are installed using the > new RPMs (using yum install moonshot-gss-eap). > > Koen Hello, I'm having almost the same problem. I'm using openssh 5.9p1 from git server as recommended by Sam, but the client keeps failing with the following: debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available gss-client and gss-server works, so it should not be related with mech_eap, but with openssh. Did you find a solution for this? Regards, Alejandro > On 29/4/13 4:32 PM, Sam Hartman wrote: >> Hi. >> It doesn't look like Moonshot was tried at all. >> The GSS errors you are getting are all Kerberos-related. >> There's no evidence it tried Moonshot at all. >> >> Did you use the native Kerberos libraries? >> >> If so, what is the contents of your /etc/gss/mech file? >> It should include the moonshot mechanism. >> Something like >> >> eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so >> eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so >> >> >> and the mech_eap.so should be in /usr/lib64/gss and/or /usr/lib/gss >> depending on architecture (x86_64 vs 686). >> Note that where mech_eap.so gets installed depends on the --libdir >> setting of your configure line and /etc/gss/mech requires manual >> handling. >> >> --Sam >>