| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=-2.4 required=5.0 tests=AWL,BAYES_00,SPF_PASS |
| X-Spam-Check-By: | sourceware.org |
| To: | cygwin AT cygwin DOT com |
| Subject: | Successful build of ssh from openssh w. MIT kerberos |
| From: | ht AT inf DOT ed DOT ac DOT uk (Henry S. Thompson) |
| Date: | Mon, 06 Jul 2009 17:30:38 +0100 |
| Message-ID: | <f5bljn1srip.fsf@hildegard.inf.ed.ac.uk> |
| User-Agent: | Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.4.21 (linux) |
| MIME-Version: | 1.0 |
| X-Edinburgh-Scanned: | at nougat.ucs.ed.ac.uk with MIMEDefang 2.60, Sophie, Sophos Anti-Virus, Clam AntiVirus |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There's been a lot of interest in this over the years, but I've found
no reports of success. The following involves a number of hacks, but
it works, which may be of use to some.
1) Download and install MIT Kerberos for Windows -- I used
kfw-3-2-2.exe
2) Use Cygwin setup to install openssh source -- I used
openssh-5.1p1-10-src
3) > cd /usr/src/openssh-5.1p1-10
> sed 's/gssapi_krb5/gssapi32/' -i configure
> sed 's/-lkrb5/-lkrb5_32/;s/ -lk5crypto//' -i configure
> LDFLAGS=3D-L/c/Progra~1/MIT/Kerberos/bin CPPFLAGS=3D'-I/c/Progra~1/MIT=
/Kerberos/inc/krb5/krb5 -I/c/Progra~1/MIT/Kerberos/inc/krb5 -I/c/Progra~1/M=
IT/Kerberos/inc/krb5/gssapi' ./configure --with-kerberos5=3D/c/Progra~1/MIT=
/Kerberos --prefix=3D/usr --sysconfdir=3D/etc --libexecdir=3D'${sbindir}' -=
-localstatedir=3D/var --datadir=3D'${prefix}/share' --mandir=3D'${datadir}/=
man' --infodir=3D'${datadir}/info'
> make
This will fail when trying to link ssh itself. Just do
4) > gcc -Wl,--enable-auto-import,--enable-stdcall-fixup -o ssh.exe ssh.o r=
eadconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mu=
x.o /c/Program\ Files/MIT/Kerberos/bin/gssapi32.dll -L. -Lopenbsd-compat/ =
-L/c/Progra~1/MIT/Kerberos/lib/i386 -lssh -lopenbsd-compat -lgssapi32 -lres=
olv -lcrypto -lz
I realise this last step looks clunky, but I tried and failed to find
a clean way to get rid of all the linking problems using other
approaches. Improvements would of course be welcome.
Stopping here of course means the other components don't get built --
sorry -- all I wanted was ssh itself. . .
Then once you've followed the instructions to get yourself set up with
Kerberos for Windows and you have a valid certificate for your
destination, and you've added something along the lines of
GSSAPIAuthentication yes
PreferredAuthentications gssapi-with-mic
to your ssh config file, you should be good to go.
ht
- --=20
Henry S. Thompson, School of Informatics, University of Edinburgh
Half-time member of W3C Team
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 651-1426, e-mail: ht AT inf DOT ed DOT ac DOT uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged sp=
am]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFKUiaukjnJixAXWBoRAl5HAJ9d/9+ij3m4B841SOFWVhhTxWnczgCfZNwB
D7ipku0RUy4sF9IHVYBurNY=3D
=3DjSxH
-----END PGP SIGNATURE-----
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |