JISCMail - MOONSHOT-COMMUNITY Archives

> Hi Sam,
>
> I'm sorry for my delayed reply. My mailbox is a mess.
> The mech_eap.so file exists at /usr/lib64/gss.
> The content of the /etc/gss/mech file looks exactely like the example.
> We use the standard Kerberos libraries.
>
> We compiled the openssh client/server using the moonshot.git. We
> configured openssh using:
>
> ./configure --prefix=/opt/moonshot/openssh --with-kerberos5 --with-pam
> (like the Wiki @Janet).
> Am I missing something? The rest of the packages are installed using the
> new RPMs (using yum install moonshot-gss-eap).
>
> Koen

Hello,

I'm having almost the same problem. I'm using openssh 5.9p1 from git 
server as recommended by Sam, but the client keeps failing with the 
following:

debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

gss-client and gss-server works, so it should not be related with 
mech_eap, but with openssh.

Did you find a solution for this?

Regards,
Alejandro

> On 29/4/13 4:32 PM, Sam Hartman wrote:
>> Hi.
>> It doesn't look like Moonshot was tried at all.
>> The GSS errors you are getting are all  Kerberos-related.
>> There's no evidence it tried Moonshot at all.
>>
>> Did you use the native Kerberos libraries?
>>
>> If so, what is the contents of your /etc/gss/mech file?
>> It should include the moonshot mechanism.
>> Something like
>>
>> eap-aes128              1.3.6.1.5.5.15.1.1.17           mech_eap.so
>> eap-aes256              1.3.6.1.5.5.15.1.1.18           mech_eap.so
>>                                                   
>>
>> and the mech_eap.so should be in /usr/lib64/gss and/or /usr/lib/gss
>> depending on architecture (x86_64 vs 686).
>> Note that where mech_eap.so gets installed depends on the --libdir
>> setting of your configure line and /etc/gss/mech requires manual
>> handling.
>>
>> --Sam
>>