problem with kerberized ssh

[clhedrick (Charles Hedrick)]

This problem occurs only in a very specific situation. It results in a failure if you try to login using ssh with a kerberos ticket. The situation:

krb5.conf has noaddresses = false, and doesn't list a kdc. In this situation Kerberos will discover the KDC from DNS. The discovery works fine for kinit. But if you try ssh you get an error. This error does not occur with noaddresses true, or if the kdc is specified. This problem does not occur with the same versions of kerberos and openssh on Linux.

debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Incorrect net address

debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password: 

[mf2k (Frank Schima)]

In the future, please use WikiFormatting, fill in the Port field and Cc the port maintainers (port info --maintainers openssh), if any.

[Ionic (Mihai Moldovan)]

Can you re-test if this is still the case with the newest version (8.1p1_0)?

Rekeying was broken for quite some time, so maybe this issue is magically fixed now.