Opened 7 years ago
Last modified 3 years ago
#55707 new defect
problem with kerberized ssh
| Reported by: | clhedrick (Charles Hedrick) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | | Cc: | cooljeanius (Eric Gallager) |
| Port: | openssh | | |
Description (last modified by mf2k (Frank Schima))
This problem occurs only in a very specific situation. It results in a failure if you try to log in using ssh with a Kerberos ticket. The situation:
krb5.conf has noaddresses = false, and doesn't list a kdc. In this situation Kerberos will discover the KDC from DNS. The discovery works fine for kinit. But if you try ssh you get an error. This error does not occur with noaddresses true, or if the kdc is specified. This problem does not occur with the same versions of Kerberos and openssh on Linux.
```
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Incorrect net address
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
```
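Added example, not part of the ticket or of the openssh port: a small check that reports whether a krb5.conf matches the combination described above (addresses enabled and no `kdc` entry for the default realm, so the KDC is found through DNS). The realm `EXAMPLE.ORG`, the host names and the function names are constructed for illustration, and the parser assumes MIT-style syntax with no `include` directives and `noaddresses` defaulting to true.

```python
import re

# Constructed sample krb5.conf reproducing the situation in the ticket.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.ORG
    noaddresses = false

[realms]
    EXAMPLE.ORG = {
        admin_server = kadmin.example.org
    }
"""

FALSE_WORDS = {"false", "no", "n", "f", "nil", "0", "off"}

def parse_krb5(text):
    """Minimal reader: {section: {key: [values] or nested dict}}."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            stack = [conf.setdefault(header.group(1), {})]
        elif line.startswith("}"):
            if len(stack) > 1:
                stack.pop()               # close a nested realm block
        elif "=" in line and stack:
            key, val = (s.strip() for s in line.split("=", 1))
            if val == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(val)
    return conf

def matches_ticket_condition(text):
    """True when addresses are requested and the default realm lists no kdc."""
    conf = parse_krb5(text)
    lib = conf.get("libdefaults", {})
    noaddresses = lib.get("noaddresses", ["true"])[0].lower()
    realm = lib.get("default_realm", [None])[0]
    realm_conf = conf.get("realms", {}).get(realm)
    kdcs = realm_conf.get("kdc", []) if isinstance(realm_conf, dict) else []
    return noaddresses in FALSE_WORDS and not kdcs

if __name__ == "__main__":
    print("matches ticket condition:", matches_ticket_condition(SAMPLE))
```
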
Change History (4)
comment:1 Changed 7 years ago by mf2k (Frank Schima)
Port: | openssh added |
---|
comment:2 Changed 7 years ago by mf2k (Frank Schima)
Description: | modified (diff) |
---|
comment:3 Changed 5 years ago by Ionic (Mihai Moldovan)
Can you re-test if this is still the case with the newest version (8.1p1_0)?
Rekeying was broken for quite some time, so maybe this issue is magically fixed now.
comment:4 Changed 3 years ago by cooljeanius (Eric Gallager)
Cc: | cooljeanius added |
---|