This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: [ITP] heimdal


On Mar 23 14:43, Yaakov (Cygwin/X) wrote:
> On 2012-03-23 04:04, Corinna Vinschen wrote:
> >On Mar 22 21:03, Yaakov (Cygwin/X) wrote:
> >>So while I suspect we're going to get a lot of questions on the
> >>list, as this is working properly, I'm going to go ahead and upload
> >>this with the fixed localstatedir.
> >
> >Thank you, that sounds like a good idea.  However, I didn't have a
> >problem with kinit.  I could also create a ticket, but ssh -K didn't
> >work and only printed this confusing error message "unknown mech-code
> >2529639054 ..."
> >
> >Perhaps I did something invalid?  My KDC is a 2008 AD DC.  I tried to
> >ssh to my Linux box whose only connection to AD is the krb5.conf file for
> >Samba.  Sure, I changed the sshd_config file to allow GSSAPI and
> >Kerberos, but... is there anything else to do to get that working, maybe?
> 
> Did you create a /etc/krb5.keytab?  I think this needs to be done
> with ktpass:
> 
> http://technet.microsoft.com/en-us/library/cc753771%28v=ws.10%29.aspx

Thanks for the hint.  With this, I also found a full receipt
http://technet.microsoft.com/en-us/library/bb742433.aspx

It seems to be a step in the right direction but it still didn't work
for me.  I created a file for the Linux machine with the "/crypt all"
option, which results in a keytab file with 5 encryptions: DES-CBC-CRC,
DES-CBC-MD5, RC4-HMAC, AES256-SHA1, and AES128-SHA1.  Then I tried
kinit with all supported encryptions per the krb5.conf man page.  For
some reason the AES encryptions didn't work at all.  When I tried to
set default_etypes = aes256-cts-hmac-sha1-96 on the Cygwin machine,
kinit failed with "unsupported encryption".  In all other cases I still
got the ssh log output:

  debug1:  Miscellaneous failure (see text)
  unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10

  debug2: we sent a gssapi-with-mic packet, wait for reply
  debug1: Delegating credentials
  debug1: Delegating credentials
  debug1:  Miscellaneous failure (see text)
  Generic error (see e-text)

Oh well, I guess I just give up.  You proved that it works and I'm
trying a pretty unlikely combination.

> I'll try to get back to this after the weekend.

Only if you like.  Otherwise, let's just go ahead.


Thanks for your help,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
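
Added example, not part of the original mail and not Heimdal or Cygwin code: a small reader for a keytab such as the one described above, listing which encryption types each entry carries so they can be compared with what the client is configured to request. It assumes the version 0x0502 file keytab layout; the principal, realm and all-zero keys in sample_keytab() are constructed.

```python
import struct

ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 3, 23}  # single DES and RC4, deprecated by RFC 6649 and RFC 8429

def _counted(buf, pos):  # 16-bit big-endian length, then that many bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(buf):
    """Return [(principal, kvno, enctype number)] from a version 0x0502 keytab."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos += 4
        if size < 0:  # deleted entry ("hole"): skip its bytes
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", buf, pos)
        realm, p = _counted(buf, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(buf, p)
            comps.append(comp.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", buf, p)
        _key, p = _counted(buf, p + 11)  # key bytes are read but never kept
        if end - p >= 4:  # optional trailing 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", buf, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
        pos = end
    return entries

def audit(buf):
    """Return (weak, other) lists of enctype names present in the keytab."""
    names = [(e in WEAK, ENCTYPES.get(e, f"etype-{e}")) for _, _, e in parse_keytab(buf)]
    return [n for w, n in names if w], [n for w, n in names if not w]

def sample_keytab():
    """Constructed sample: one host principal, five enctypes, all-zero dummy keys."""
    s = lambda b: struct.pack(">H", len(b)) + b
    out = b"\x05\x02"
    for etype, klen in ((1, 8), (3, 8), (23, 16), (18, 32), (17, 16)):
        e = (struct.pack(">H", 2) + s(b"EXAMPLE.TEST") + s(b"host") + s(b"linux.example.test")
             + struct.pack(">IIBH", 1, 0, 3, etype) + s(bytes(klen)))
        out += struct.pack(">i", len(e)) + e
    return out
```

To check a real file, pass its bytes to audit(), for example audit(open("/etc/krb5.keytab", "rb").read()); the key material is parsed past but never returned or printed.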

