Opened 7 years ago
Last modified 3 years ago
#55707 new defect
problem with kerberized ssh — at Initial Version
Reported by: | clhedrick (Charles Hedrick) | Owned by: | |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | |
Keywords: | Cc: | ||
Port: | openssh |
Description
This problem occurs only in a very specific situation. It results in a failure if you try to login using ssh with a kerberos ticket. The situation:
krb5.conf has noaddresses = false, and doesn't list a kdc. In this situation Kerberos will discover the KDC from DNS. The discovery works fine for kinit. But if you try ssh you get an error. This error does not occur with noaddresses true, or if the kdc is specified. This problem does not occur with the same versions of kerberos and openssh on Linux.
debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Incorrect net address
debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive debug2: we did not send a packet, disable method debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: