GSSAPI authentication don't work in WinSCP 5.1.3
Hi,
We are migrating from Windows XP to W7 on the client side.
I have started the job to get WinSCP working with GSSAPI
authentication in W7. According to my tests it don't work.
We have successfully been running WinSCP 3.8.2 with GSSAPI
authentication and KfW in XP.
According to my tests running versions 4.x or 5.x don't work
with GSSAPI authentication in neither XP nor W7. To be honest
I don't recall the exact 4.x version I tried but the one I
tested didn't work so I stayed with 3.8.2.
We use 0.58-GSSAPI Putty in XP.
I didn't get the standard Putty working in W7 so I installed
a 64bit version found on the net. KfW Leash didn't work in W7
either so I installed Heimdal Kerberos for Windows.
64 bits Putty together with Network Identity Manager (NIM)
built by secure-endpoints, configured to use an external
GSSAPI64.dll worked as expected with GSSAPI authentication.
WinSCP 5.1.3 can't find the kerberos ticket initialized through
NIM so I thought this was a problem in my setup for W7.
I then tested the portable WinSCP 5.1.3 in XP trying to access
the same ticket initialized through Leash that WinSCP 3.8.2
can use, but to no luck.
5.1.3 always prompts for password. I have tried to configure
5.1.3 the same way as 3.8.2 but that didn't work either.
The server is a Solaris 10 node with revision Generic_142900-11
running OpenSSH 5.5p1:
OpenSSH_5.5p1, OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for:
CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738
CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2007-3108
CVE-2008-5077 CVE-2009-0590)
I include debug-logs from both 3.8.2 and 5.1.3 sessions.
The 3.8.2 session shows a successful login with GSSAPI
authentication and 5.1.3 a failing one.
Have I missed something obvious?
Regards
Bernt Jernberg
We are migrating from Windows XP to W7 on the client side.
I have started the job to get WinSCP working with GSSAPI
authentication in W7. According to my tests it don't work.
We have successfully been running WinSCP 3.8.2 with GSSAPI
authentication and KfW in XP.
According to my tests running versions 4.x or 5.x don't work
with GSSAPI authentication in neither XP nor W7. To be honest
I don't recall the exact 4.x version I tried but the one I
tested didn't work so I stayed with 3.8.2.
We use 0.58-GSSAPI Putty in XP.
I didn't get the standard Putty working in W7 so I installed
a 64bit version found on the net. KfW Leash didn't work in W7
either so I installed Heimdal Kerberos for Windows.
64 bits Putty together with Network Identity Manager (NIM)
built by secure-endpoints, configured to use an external
GSSAPI64.dll worked as expected with GSSAPI authentication.
WinSCP 5.1.3 can't find the kerberos ticket initialized through
NIM so I thought this was a problem in my setup for W7.
I then tested the portable WinSCP 5.1.3 in XP trying to access
the same ticket initialized through Leash that WinSCP 3.8.2
can use, but to no luck.
5.1.3 always prompts for password. I have tried to configure
5.1.3 the same way as 3.8.2 but that didn't work either.
The server is a Solaris 10 node with revision Generic_142900-11
running OpenSSH 5.5p1:
OpenSSH_5.5p1, OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for:
CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738
CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2007-3108
CVE-2008-5077 CVE-2009-0590)
I include debug-logs from both 3.8.2 and 5.1.3 sessions.
The 3.8.2 session shows a successful login with GSSAPI
authentication and 5.1.3 a failing one.
Have I missed something obvious?
Regards
Bernt Jernberg
