Re: incompatibility with solaris gssapi implementation?
On Sat, 12 Aug 2006 20:41:15 +0200
vadim <vadim.tarassov@swissonline.ch> wrote:
> Hi all,
>
> I am trying to ssh to a Solaris 10 box which runs Sun's ssh with Sun's
> implementation of GSSAPI. As client I use openssh + heimdal 0.7.2. In the log
> of the ssh daemon on the Solaris box I see the following message:
>
> "Client offered gssapi userauth with { 1 3 6 1 5 5 2 } (unsupported)"
>
> At this moment all attempts to authenticate via gssapi-with-mic fail. Do you
> know what is wrong?
1.3.6.1.5.5.2 is SPNEGO. SPNEGO is a pseudo-mechanism used to
negotiate a real mechanism (e.g. Kerberos). SPNEGO is used primarily
for authenticating with Microsoft Windows servers. It's a little strange
that the client is even trying SPNEGO because the default mechanism
is Kerberos. I believe one would have to explicitly specify SPNEGO with
GSSAPI client routines to provide SPNEGO behavior. Perhaps there's a
config option that is set inappropriately.
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
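
An added example, not part of the original thread: a small Python triage helper that pulls the mechanism OID out of sshd messages in the format quoted above, names it, and shows its DER encoding as an aid when comparing against a packet capture. The function names, the Kerberos V5 table entry and every sample line other than the quoted message are assumptions made for illustration.

```python
import re

# Standard GSS-API mechanism OIDs. SPNEGO is the one named in the reply;
# the Kerberos V5 entry is added here for comparison (assumption of this example).
KNOWN_MECHS = {
    "1.3.6.1.5.5.2": "SPNEGO (negotiation pseudo-mechanism)",
    "1.2.840.113554.1.2.2": "Kerberos V5",
}

# Matches "gssapi userauth with { 1 3 6 ... } (status)" as quoted in the post.
OFFER_RE = re.compile(r"gssapi userauth with \{((?:\s*\d+)+)\s*\}\s*\((\w+)\)")

def der_encode_oid(dotted):
    """Return the DER encoding (tag 0x06, length, base-128 arcs) of a dotted OID."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    body = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]            # last byte: continuation bit clear
        value >>= 7
        while value:
            chunk.append((value & 0x7F) | 0x80)
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID too long for short-form length")
    return bytes([0x06, len(body)]) + bytes(body)

def classify_offers(log_lines):
    """Return one record per log line that reports an offered GSS-API mechanism."""
    results = []
    for line in log_lines:
        m = OFFER_RE.search(line)
        if not m:
            continue
        dotted = ".".join(m.group(1).split())
        results.append({"oid": dotted,
                        "mechanism": KNOWN_MECHS.get(dotted, "unknown"),
                        "status": m.group(2),
                        "der_hex": der_encode_oid(dotted).hex()})
    return results

# First line is the message quoted in the post; the other two are constructed.
SAMPLE_LOG = [
    "Client offered gssapi userauth with { 1 3 6 1 5 5 2 } (unsupported)",
    "Client offered gssapi userauth with { 1 2 840 113554 1 2 2 } (unsupported)",
    "Accepted publickey for example-user (constructed, unrelated line)",
]

if __name__ == "__main__":
    for rec in classify_offers(SAMPLE_LOG):
        print(rec["oid"], "->", rec["mechanism"], rec["status"], rec["der_hex"])
```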