Hello,
I’m trying to get Moonshot working, but it fails on the policy abfab_channel_bindings, because it cannot find any of
outer.request:GSS-Acceptor-Host-Name
outer.request:GSS-Acceptor-Service-Name
outer.request:GSS-Acceptor-Realm-Name
I established this with explicit tests like
if (! (outer.request:GSS-Acceptor-Host-Name)) {
reject
}
which lead to log output
(9) authorize {
(9) abfab_channel_bindings abfab_channel_bindings {
(9) if (!( outer.request:GSS-Acceptor-Host-Name))
(9) if (!( outer.request:GSS-Acceptor-Host-Name)) -> TRUE
(9) if (!( outer.request:GSS-Acceptor-Host-Name)) {
(9) [reject] = reject
(9) } # if (!( outer.request:GSS-Acceptor-Host-Name)) = reject
(9) } # abfab_channel_bindings abfab_channel_bindings = reject
(9) } # authorize = reject
Placing “handled” in the beginning of abfab_channel_bindings results in succeeded login, but the OpenSSH client then reports…
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
…after which it continues with other authentication methods! FWIW, it selects the TTLS method for EAP, and tries (and succeeds) twice.
What is wrong??
Thanks,
-Rick
|