X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; q=dns; s=default; b=OhnBM1OEy0HrApviq0e7rhSjJFCy97lB5rVA7Ft9PYh 4U9YMnDpc2XN3YxBzt0U3vURELloLPtkuIMlYUx42csF0yyTlOt33TYGR750o/uu X1iC63sBwESWc76B3SNkoe9bRIA3SZJvE1SDcZdZ/YI8dstJtriyZ+PUGWrhaL0c = DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; s=default; bh=Aav2bP0kow0eyJrGhaQ6D31Ehzo=; b=Bf7HT/rqbnS5UYWEl SyiBfrB3fB63RqWXiHyN9eYVGoGsnNRzj1wNZvQV5UIUrKqpW/nBTtmFVflhDvQH KF+fwMcb+VN6rz+aw9lJdlDB3ihG2GV8FV0NpFLiKiq9z3NDoag/Sy2EfzLaRiUF 9ugNGLgQ0ZrfpOqfG6+Z4Fts9U= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,KHOP_THREADED autolearn=ham version=3.3.1 X-MDAV-Result: clean X-MDAV-Processed: mail.secure-endpoints.com, Thu, 20 Jun 2013 18:56:04 -0400 X-Spam-Processed: mail.secure-endpoints.com, Thu, 20 Jun 2013 18:56:04 -0400 (not processed: message from trusted or authenticated source) X-Return-Path: jaltman@openafs.org X-Envelope-From: jaltman@openafs.org X-MDaemon-Deliver-To: cygwin@cygwin.com Message-ID: <51C38880.3090401@openafs.org> Date: Thu, 20 Jun 2013 18:56:00 -0400 From: Jeffrey Altman User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10" References: <409A0E510096B044A0EE3778BB3F1F5C01379C903ECD@EXMAIL.hrl.com> <51C33835.6000207@openafs.org> <409A0E510096B044A0EE3778BB3F1F5C01379C904127@EXMAIL.hrl.com> In-Reply-To: <409A0E510096B044A0EE3778BB3F1F5C01379C904127@EXMAIL.hrl.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 6/20/2013 6:31 PM, Nogin, Aleksey wrote: > Jeffrey Altman wrote: > >>> debug1: SSH2_MSG_SERVICE_REQUEST sent >>> debug1: SSH2_MSG_SERVICE_ACCEPT received >>> debug1: Authentications that can continue: >>> publickey,gssapi-with-mic,password >>> debug1: Next authentication method: gssapi-with-mic >>> debug1: Miscellaneous failure (see text) unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10 >>> >>> debug1: Delegating credentials >>> debug1: Delegating credentials >>> debug1: Enabling compression at level 6. >>> debug1: Authentication succeeded (gssapi-with-mic). >>> Authenticated to XXXhostXXX ([IP.IP.IP.IP]:22). >> >> I'm not sure what the issue is here. The authentication succeeded. > > The issue that despite the "Delegating credentials" message, credentials are not being delegated. > > Aleksey I still do not understand what does that has to do with the subject of this message? The credentials that will be deleted are the credentials of the type that was accepted by the ssh gssapi-with-mic mechanism. At the verbosity level that you are using it does not state what that is. In any case, I am quite sure that if your ssh client states that it has delegated credentials that it has done so. You need to debug the server side to determine where the sshd environment or gssapi library has determined the credentials have been stored. For Kerberos it will need to be a credential cache. Heimdal defaults to using a non-FILE based cache but I suspect that Cygwin does not provide a non-FILE based cache implementation. Jeffrey Altman -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple