DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=edysjns95Nv44n6EUZM/Wh29Kf4SUFRzsUH+geX4Uz+7tnxizzMTV
	BoAc0ChsjF/h4AAP964BXeKvbmKbjCRwZVhQJ6b2vsosQr8LeCnuE31HKWauBLZx
	pw3dyLUgVQyFnS1+RuGKL8gEgqqkqgXrUCRJnuNCQ/5Igo9SFRuOSo=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Date: Fri, 21 Jun 2013 09:43:55 +0200
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Heimdal 1.5.2: "unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10"
Message-ID: <20130621074355.GE1620@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <409A0E510096B044A0EE3778BB3F1F5C01379C903ECD@EXMAIL.hrl.com> <51C33835.6000207@openafs.org> <409A0E510096B044A0EE3778BB3F1F5C01379C904127@EXMAIL.hrl.com> <51C38880.3090401@openafs.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <51C38880.3090401@openafs.org>
User-Agent: Mutt/1.5.21 (2010-09-15)

On Jun 20 18:56, Jeffrey Altman wrote:
> On 6/20/2013 6:31 PM, Nogin, Aleksey wrote:
> > Jeffrey Altman wrote:
> > 
> >>> debug1: SSH2_MSG_SERVICE_REQUEST sent
> >>> debug1: SSH2_MSG_SERVICE_ACCEPT received
> >>> debug1: Authentications that can continue: 
> >>> publickey,gssapi-with-mic,password
> >>> debug1: Next authentication method: gssapi-with-mic
> >>> debug1:  Miscellaneous failure (see text) unknown mech-code 2529639054 for mech 1 3 6 1 4 1 311 2 2 10
> >>>
> >>> debug1: Delegating credentials
> >>> debug1: Delegating credentials
> >>> debug1: Enabling compression at level 6.
> >>> debug1: Authentication succeeded (gssapi-with-mic).
> >>> Authenticated to XXXhostXXX ([IP.IP.IP.IP]:22).
> >>
> >> I'm not sure what the issue is here.  The authentication succeeded.
> > 
> > The issue that despite the "Delegating credentials" message, credentials are not being delegated.
> > 
> > Aleksey
> 
> 
> I still do not understand what does that has to do with the subject of
> this message?
> 
> The credentials that will be deleted are the credentials of the type
> that was accepted by the ssh gssapi-with-mic mechanism.  At the
> verbosity level that you are using it does not state what that is.
> 
> In any case, I am quite sure that if your ssh client states that it has
> delegated credentials that it has done so.   You need to debug the
> server side to determine where the sshd environment or gssapi library
> has determined the credentials have been stored.   For Kerberos it will
> need to be a credential cache.  Heimdal defaults to using a non-FILE
> based cache but I suspect that Cygwin does not provide a non-FILE based
> cache implementation.

Guys, whatever the problem here is, it needs to be investigated and
potentially implemented by somebody who knows this kerberos/gss-api
stuff.  Openssh is built against these libraries and that's it from my
side.  If something's missing in openssh to support this correctly on
Cygwin, or if the Cygwin DLL to support this authentication model, I
simply don't know what it is.  I appreciate any coding help.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple