[OpenAFS] Problem with pam on debian with 1.3.81 kernel 2.6.11
Douglas E. Engert
deengert@anl.gov
Thu, 14 Apr 2005 13:39:38 -0500
Russ Allbery wrote:
> Derek Atkins <warlord@MIT.EDU> writes:
>
>
>>I can't seem to get the version in FC3 to work at all. It's 3.9p1, and
>>it seems to support gssapi-with-mic but apparently the servers I'm
>>trying to contact only support "gssapi". :(
>
>
>>debug1: Authentications that can continue: external-keyx,gssapi,password
>>debug3: start over, passed a different list external-keyx,gssapi,password
>>debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
>>debug3: authmethod_lookup password
>>debug3: remaining preferred: ,publickey,keyboard-interactive,password
>>debug3: authmethod_is_enabled password
>>debug1: Next authentication method: password
>
>
> Yeah, there was an incompatible change to the protocol and most of the
> implementations I've seen supporting the new gssapi-with-mic don't support
> the old gssapi protocol (which has various problems). This stuff is
> converging, but slowly.
There is a gssapimitm.patch for OpenSSH-3.8 that will let it
do both if you set: "GSSAPIEnableMITMAttack yes". It's from March 2004.
So you can interoperate if you update the old server, or add this
patch as a conversion aid and live with the problem for a while.
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
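
Added example, not part of the original thread: a small Python check that reads ssh client debug output like the lines quoted above and reports when the server offers only the old "gssapi" method while the client prefers "gssapi-with-mic", so the session drops to password. The function and field names are hypothetical; the sample log is copied from the quoted message.

```python
import re

# Assumption taken from the thread: "gssapi" is the old userauth method,
# "gssapi-with-mic" is its incompatible replacement.
LEGACY, CURRENT = "gssapi", "gssapi-with-mic"

OFFERED = re.compile(r"debug1: Authentications that can continue: (\S+)")
PREFERRED = re.compile(r"debug3: preferred (\S+)")
NEXT = re.compile(r"debug1: Next authentication method: (\S+)")

# Debug lines copied from the quoted client output in the message above.
SAMPLE_LOG = """\
debug1: Authentications that can continue: external-keyx,gssapi,password
debug3: start over, passed a different list external-keyx,gssapi,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
"""

def methods(csv):
    """Split a comma-separated method list, dropping empty entries."""
    return [m for m in csv.split(",") if m]

def analyze(log_text):
    """Compare server-offered and client-preferred userauth methods."""
    offered, preferred, tried = [], [], []
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-quoted logs
        if m := OFFERED.match(line):
            offered = methods(m.group(1))
        elif m := PREFERRED.match(line):
            preferred = methods(m.group(1))
        elif m := NEXT.match(line):
            tried.append(m.group(1))
    # Methods both sides accept, in the client's preference order.
    common = [m for m in preferred if m in offered]
    return {
        "offered": offered,
        "preferred": preferred,
        "common": common,
        "tried": tried,
        # Server speaks only the old variant, client only the new one.
        "gss_mismatch": CURRENT in preferred and CURRENT not in offered
                        and LEGACY in offered,
        # Password was attempted because no GSSAPI variant was shared.
        "password_fallback": "password" in tried
                             and not any(m.startswith("gssapi") for m in common),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```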