This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ITP] heimdal

On Mar 23 14:43, Yaakov (Cygwin/X) wrote:
> On 2012-03-23 04:04, Corinna Vinschen wrote:
> >On Mar 22 21:03, Yaakov (Cygwin/X) wrote:
> >>So while I suspect we're going to get a lot of questions on the
> >>list, as this is working properly, I'm going to go ahead and upload
> >>this with the fixed localstatedir.
> >
> >Thank you, that sounds like a good idea.  However, I didn't have a
> >problem with kinit.  I could also create a ticket, but ssh -K didn't
> >work and only printed this confusing error message "unknown mech-code
> >2529639054 ..."
> >
> >Perhaps I did something invalid?  My KDC is a 2008 AD DC.  I tried to
> >ssh to my Linux box which only connection to AD is the kr5.conf file for
> >Samba.  Sure, I changed the sshd_config file to allow GSSAPI and
> >Kerberos, but... is there anything else to do to get that working, maybe?
> Did you create a /etc/krb5.keytab?  I think this needs to be done
> with ktpass:

Thanks for the hint.  With this, I also found a full receipt

It seems to be a step in the right direction but it still didn't work
for me.  I created a file fir the Linux machine with the "/crypt all"
option, which results in a keytab file with 5 encryptions: DES-CBC-CRC,
DES-CBC-MD5, RC4-HMAC, AES256-SHA1, and AES128-SHA1.  Then I tried 
kinit with all support encryptions per the krb5.conf man page.  For
some reason the AES encryptions didn't work at all.  When I tried to
set default_etypes = aes256-cts-hmac-sha1-96 on the Cygwin machine,
kinit failed with "unsupported encryption".  In all other cases I still
got the ssh log output:

  debug1:  Miscellaneous failure (see text)
  unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10

  debug2: we sent a gssapi-with-mic packet, wait for reply
  debug1: Delegating credentials
  debug1: Delegating credentials
  debug1:  Miscellaneous failure (see text)
  Generic error (see e-text)

Oh well, I guess I just give up.  You proved that it works and I'm
trying a pretty unlikely combination.

> I'll try to get back to this after the weekend.

Only if you like.  Otherwise, let's just go ahead.

Thanks for your help,

Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]