Subject: Heimdal, SSH, and my hair...
To: None <>
From: Peter Losher <>
List: current-users
Date: 01/18/2001 23:42:14
I was reading the 1.5 announcement and came across this which caused some


       * Strong cryptographic libraries and applications integrated,
       including the AES cipher Rijndael, the OpenSSL library, more
       complete Kerberos IV and Kerberos V support (from the Heimdal
       project), and an SSH server and client.

Has anyone been able to get OpenSSH (the SSH that is included in NetBSD)
to work with Heimdal Krb5?  The problem that I am encountering is that we
have a MIT Krb5 implementation for general authentication, and any new
NetBSD boxes, while we can get kinit and all that to work (well, ksu
would be nice, but that's another story) SSH is almost impossible to
implement with Krb5 support.

Either I have to:

a) Install MIT Kerberos, and hack SSH Inc's SSH1 Makefile to read the MIT
libs (since that's all they support) before the system libs.  This gets me as
far as a usable ssh client, but no sshd or scp.

b) Remove all the Heimdal support, so I can go back to just using MIT
Krb5.  Although nice, quite impractical.

Does anyone have any ideas on how to approach this?

Personally, I think the whole Heimdal integration was more trouble than
it's worth.  Yes, it's integrated, but it doesn't even work with arguably
the most widely used connectivity tool, which in a lot of ways makes it
useless, and breaks compiling SSH w/ Krb5 support with any existing MIT
Krb5 installation on the box.

Thanks in advance.

Peter Losher   				      <>
Systems Admin. - Nominum, Inc.              PGP key available on request