Your message dated Tue, 14 Dec 2010 17:17:24 +0000
with message-id <e1psyva-0005xt...@franck.debian.org>
and subject line Bug#604925: fixed in krb5 1.8.3+dfsg-4
has caused the Debian Bug report #604925,
regarding Squeeze krb5 fails to work with Open Directory KDC tickets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
604925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604925
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libgssapi-krb5-2
Version: 1.8.3+dfsg-2
Severity: grave
File: /usr/lib/libgssapi_krb5.so.2
My system uses kerberos to authenticate users to ssh. After upgrading a server
to squeeze logging in is no longer possible (this could satisfy critical
severity). Unfortunately debugging this turned out to be harder than expected,
because gssapi is not very precise about what the problem really is. All I can
do is post the logs.
Logging in from a (lenny) client that could log in to the same system
before the upgrade:
$ ssh -vvv somemachine
...
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list
publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred
gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred:
gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: gssapi,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Delegating credentials
debug1: Delegating credentials
debug1: Unspecified GSS failure. Minor code may provide more information
Generic error (see e-text)
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
...
Of course I also turned on debugging on the server:
...
Nov 25 13:43:46 someserver sshd[5661]: Set /proc/self/oom_adj to 0
Nov 25 13:43:46 someserver sshd[5661]: debug1: rexec start in 5 out 5 newsock 5
pipe 7 sock 8
Nov 25 13:43:46 someserver sshd[5661]: debug1: inetd sockets after dupping: 3, 3
Nov 25 13:43:46 someserver sshd[5661]: Connection from 10.0.82.2 port 36317
Nov 25 13:43:46 someserver sshd[5661]: debug1: Client protocol version 2.0;
client software version OpenSSH_5.1p1 Debian-5
Nov 25 13:43:46 someserver sshd[5661]: debug1: match: OpenSSH_5.1p1 Debian-5
pat OpenSSH*
Nov 25 13:43:46 someserver sshd[5661]: debug1: Enabling compatibility mode for
protocol 2.0
Nov 25 13:43:46 someserver sshd[5661]: debug1: Local version string
SSH-2.0-OpenSSH_5.5p1 Debian-5+b1
Nov 25 13:43:46 someserver sshd[5661]: debug1: PAM: initializing for "root"
Nov 25 13:43:46 someserver sshd[5661]: debug1: PAM: setting PAM_RHOST to
"reverse.dns.of.somemachine"
Nov 25 13:43:46 someserver sshd[5661]: debug1: PAM: setting PAM_TTY to "ssh"
Nov 25 13:43:46 someserver sshd[5661]: Failed none for root from 10.0.82.2 port
36317 ssh2
Nov 25 13:43:46 someserver sshd[5661]: debug1: Unspecified GSS failure. Minor
code may provide more information\nNo such file or directory\n
Nov 25 13:43:46 someserver sshd[5661]: debug1: Got no client credentials
...
The origin of the "Unspecified GSS failure." message is
src/lib/gssapi/mechglue/g_dsp_status.c which is a generic error handler. The
"Got no client credentials" message originates from sshd itself gss-serv.c in
ssh_gssapi_accept_ctx after finding that an error occured.
Any other information needed?
Do you have any ideas for debugging?
Helmut
-- System Information:
Debian Release: squeeze/sid
APT prefers squeeze-volatile
APT policy: (500, 'squeeze-volatile'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libgssapi-krb5-2 depends on:
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.12-2 common error description library
ii libk5crypto3 1.8.3+dfsg-2 MIT Kerberos runtime libraries - C
ii libkeyutils1 1.4-1 Linux Key Management Utilities (li
ii libkrb5-3 1.8.3+dfsg-2 MIT Kerberos runtime libraries
ii libkrb5support0 1.8.3+dfsg-2 MIT Kerberos runtime libraries - S
libgssapi-krb5-2 recommends no packages.
Versions of packages libgssapi-krb5-2 suggests:
pn krb5-doc <none> (no description available)
ii krb5-user 1.8.3+dfsg-2 Basic programs to authenticate usi
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.8.3+dfsg-4
We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive:
krb5-admin-server_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/krb5-admin-server_1.8.3+dfsg-4_amd64.deb
krb5-doc_1.8.3+dfsg-4_all.deb
to main/k/krb5/krb5-doc_1.8.3+dfsg-4_all.deb
krb5-kdc-ldap_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/krb5-kdc-ldap_1.8.3+dfsg-4_amd64.deb
krb5-kdc_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/krb5-kdc_1.8.3+dfsg-4_amd64.deb
krb5-multidev_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/krb5-multidev_1.8.3+dfsg-4_amd64.deb
krb5-pkinit_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/krb5-pkinit_1.8.3+dfsg-4_amd64.deb
krb5-user_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/krb5-user_1.8.3+dfsg-4_amd64.deb
krb5_1.8.3+dfsg-4.diff.gz
to main/k/krb5/krb5_1.8.3+dfsg-4.diff.gz
krb5_1.8.3+dfsg-4.dsc
to main/k/krb5/krb5_1.8.3+dfsg-4.dsc
libgssapi-krb5-2_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libgssapi-krb5-2_1.8.3+dfsg-4_amd64.deb
libgssrpc4_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libgssrpc4_1.8.3+dfsg-4_amd64.deb
libk5crypto3_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libk5crypto3_1.8.3+dfsg-4_amd64.deb
libkadm5clnt-mit7_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libkadm5clnt-mit7_1.8.3+dfsg-4_amd64.deb
libkadm5srv-mit7_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libkadm5srv-mit7_1.8.3+dfsg-4_amd64.deb
libkdb5-4_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libkdb5-4_1.8.3+dfsg-4_amd64.deb
libkrb5-3_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libkrb5-3_1.8.3+dfsg-4_amd64.deb
libkrb5-dbg_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libkrb5-dbg_1.8.3+dfsg-4_amd64.deb
libkrb5-dev_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libkrb5-dev_1.8.3+dfsg-4_amd64.deb
libkrb53_1.8.3+dfsg-4_all.deb
to main/k/krb5/libkrb53_1.8.3+dfsg-4_all.deb
libkrb5support0_1.8.3+dfsg-4_amd64.deb
to main/k/krb5/libkrb5support0_1.8.3+dfsg-4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 604...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hartman <hartm...@debian.org> (supplier of updated krb5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 14 Dec 2010 11:53:26 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2
libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4
libkrb5support0 libkrb53
Architecture: source all amd64
Version: 1.8.3+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Sam Hartman <hartm...@debian.org>
Description:
krb5-admin-server - MIT Kerberos master server (kadmind)
krb5-doc - Documentation for MIT Kerberos
krb5-kdc - MIT Kerberos key server (KDC)
krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
krb5-pkinit - PKINIT plugin for MIT Kerberos
krb5-user - Basic programs to authenticate using MIT Kerberos
libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database
libkrb5-3 - MIT Kerberos runtime libraries
libkrb5-dbg - Debugging files for MIT Kerberos
libkrb5-dev - Headers and development libraries for MIT Kerberos
libkrb53 - transitional package for MIT Kerberos libraries
libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 604925
Changes:
krb5 (1.8.3+dfsg-4) unstable; urgency=medium
.
* Ignore PACs without a server signature generated by OS X Open
Directory rather than failing authentication, Closes: #604925
Checksums-Sha1:
24691e71ac0d11763258660877823ad3caf480c5 1578 krb5_1.8.3+dfsg-4.dsc
7ac20857b400be652bc89dfeffb99c6ee0e34e7b 103385 krb5_1.8.3+dfsg-4.diff.gz
be39434c382681185cdb6f0cb0e9adb7e9ab4145 2254888 krb5-doc_1.8.3+dfsg-4_all.deb
24f30cd716b4f1bca57501f6255802807c93db5c 1372790 libkrb53_1.8.3+dfsg-4_all.deb
92309534174265703c0572cbf92ac9bc679160c8 138542
krb5-user_1.8.3+dfsg-4_amd64.deb
c19d9d1806fc55e616ac2fd0280260a4de0a0b54 218762 krb5-kdc_1.8.3+dfsg-4_amd64.deb
be8e9959490851add7805a625e945313504d59b8 117798
krb5-kdc-ldap_1.8.3+dfsg-4_amd64.deb
2079835e12170f2a5f54db1767898ecb04cca9b9 112766
krb5-admin-server_1.8.3+dfsg-4_amd64.deb
c1368ea2298f90c67af132117b9336c9b03f31ac 103376
krb5-multidev_1.8.3+dfsg-4_amd64.deb
73630ade9222c537c009fd0703151a3b19874cba 37142
libkrb5-dev_1.8.3+dfsg-4_amd64.deb
f02f9f018b3b1383b7d3a348068980e35401fa3a 1627854
libkrb5-dbg_1.8.3+dfsg-4_amd64.deb
4922aa8f385fd96360c7b58b5f73c391064bc2cf 77732
krb5-pkinit_1.8.3+dfsg-4_amd64.deb
03523543c99072d3a36c67d5f6c469c5c86e1660 374528
libkrb5-3_1.8.3+dfsg-4_amd64.deb
a26ff3873d1e72eb6a85a008558d577008c5337c 130310
libgssapi-krb5-2_1.8.3+dfsg-4_amd64.deb
4071dd49198aa224d3bce8f66b3cfc6e43de2027 83934
libgssrpc4_1.8.3+dfsg-4_amd64.deb
80954f296907c54259673922ef680240daf113b5 78176
libkadm5srv-mit7_1.8.3+dfsg-4_amd64.deb
a45882363a72cd8fd1fcd37d5dc94d88c722630c 64316
libkadm5clnt-mit7_1.8.3+dfsg-4_amd64.deb
a231349cf4914d7fb438387f3a896d3ac1192502 106048
libk5crypto3_1.8.3+dfsg-4_amd64.deb
c71c3324d277b618a624b04d83d4517e872987e0 63806 libkdb5-4_1.8.3+dfsg-4_amd64.deb
a9b95284b68a7ce1f216530829e03abe5d335bde 45686
libkrb5support0_1.8.3+dfsg-4_amd64.deb
Checksums-Sha256:
15406421e0e672eaecd87f7873f27612992b0b603daa6c58561092a2148be8f5 1578
krb5_1.8.3+dfsg-4.dsc
ea75f509f3123a1d910ff10b83d6f8f4f58720adeb8f462585ca3c63ec647ecb 103385
krb5_1.8.3+dfsg-4.diff.gz
8b000795d895ccd1fe9546b26d6c8b999104104c0756d8a6749a449c777e1e82 2254888
krb5-doc_1.8.3+dfsg-4_all.deb
115518759fe864534a448db74eed007db7e8a4ddc50d006c3a6191722fb50579 1372790
libkrb53_1.8.3+dfsg-4_all.deb
79e0ebec411b6f3d43a2c1f7644b5217f49c69e9e765d7b074d06b496d5cd9da 138542
krb5-user_1.8.3+dfsg-4_amd64.deb
b39a8cfe00e863863070fae506cf99856c678e9c3851863d4d842e203d56027c 218762
krb5-kdc_1.8.3+dfsg-4_amd64.deb
664c916f086071978003f2915179835499dc09b9d4480da0c59b4d2f16207d07 117798
krb5-kdc-ldap_1.8.3+dfsg-4_amd64.deb
c920bf0a51265e06327872c0959dd9321a3e6d4d047f9c3d3bf2ae51c0f45246 112766
krb5-admin-server_1.8.3+dfsg-4_amd64.deb
9356228ba1561b5302b787c3c6206cf9d7eef31e49389bad62108a7b8dd7f514 103376
krb5-multidev_1.8.3+dfsg-4_amd64.deb
ab3b3ec1be56817014b1e1562ecfb35cd1b4a272595ed9a9bec99303901e9eb9 37142
libkrb5-dev_1.8.3+dfsg-4_amd64.deb
6d2acaf7c1891739b154c25b9c6ff7896dc8dc14e65641ded209afaf8b9d5354 1627854
libkrb5-dbg_1.8.3+dfsg-4_amd64.deb
a3f47ca4a41bade3eb91da3ea89a69bcf265bea83bec9d2ad28d61fc3be0b28c 77732
krb5-pkinit_1.8.3+dfsg-4_amd64.deb
17ec10afc7806e99000af5d5dec464d89cd116b400669d9673a7d5be4a324f3c 374528
libkrb5-3_1.8.3+dfsg-4_amd64.deb
5e066ea1bc65cb08d8dfc29e2519b8c02fc1974eb725c9ded5751705675eef38 130310
libgssapi-krb5-2_1.8.3+dfsg-4_amd64.deb
188a1645045ec2aed56f8c5e1e409d370709e322ec354c13799cbf6629ae4cf6 83934
libgssrpc4_1.8.3+dfsg-4_amd64.deb
699b171bf609313e458c425e3ba1f8711689b4f46d1de93fcea38d47b7a7a34d 78176
libkadm5srv-mit7_1.8.3+dfsg-4_amd64.deb
d23adca6dbbc169d551e7702854a53f70b016335d2c0308b3dd13bf710a572cb 64316
libkadm5clnt-mit7_1.8.3+dfsg-4_amd64.deb
fa592631da880e768eab3292612ddf8b6fc60d4201207e10d7436b9493c4300f 106048
libk5crypto3_1.8.3+dfsg-4_amd64.deb
a97dfd3fa385aaf478847ed95609a1c1c609235ca567f779246430e331d8337d 63806
libkdb5-4_1.8.3+dfsg-4_amd64.deb
679813fcf54338adf182d2d89df0fdc77856cea5191f1a6924b12f6cc3e8ecc6 45686
libkrb5support0_1.8.3+dfsg-4_amd64.deb
Files:
68b3e5807b2c13302b9ce27d3f7c88cb 1578 net standard krb5_1.8.3+dfsg-4.dsc
00741517cb1e4a9a9487d09f9d50e5cf 103385 net standard krb5_1.8.3+dfsg-4.diff.gz
3a42d2242f9b5eee0287dc8c7c6b4e62 2254888 doc optional
krb5-doc_1.8.3+dfsg-4_all.deb
15305050c7e7fdf629e957591c4549ca 1372790 oldlibs extra
libkrb53_1.8.3+dfsg-4_all.deb
4b562ea3061aa699c3a6ac78517a1238 138542 net optional
krb5-user_1.8.3+dfsg-4_amd64.deb
1e882f1db0efa2d9c2fe515e724b9ad7 218762 net optional
krb5-kdc_1.8.3+dfsg-4_amd64.deb
11bed314462a17feeeafb7bce8c16301 117798 net extra
krb5-kdc-ldap_1.8.3+dfsg-4_amd64.deb
d6862fd4252b3087ce80749b61aade2f 112766 net optional
krb5-admin-server_1.8.3+dfsg-4_amd64.deb
dcd11686c87bc48e32a473861653f81a 103376 libdevel optional
krb5-multidev_1.8.3+dfsg-4_amd64.deb
0dce18eba710266e137e3fd6e681a684 37142 libdevel extra
libkrb5-dev_1.8.3+dfsg-4_amd64.deb
0e1efe05b4756f08bd02d5804b8a42e6 1627854 debug extra
libkrb5-dbg_1.8.3+dfsg-4_amd64.deb
eaf30835ab1eb993434192aed028fc07 77732 net extra
krb5-pkinit_1.8.3+dfsg-4_amd64.deb
e90842ecaba4b545d42d3fd39e8a0cee 374528 libs standard
libkrb5-3_1.8.3+dfsg-4_amd64.deb
6aa2f5c86cf7e32123e0d86c37f78df4 130310 libs standard
libgssapi-krb5-2_1.8.3+dfsg-4_amd64.deb
f1773fd2823939412eb9851f44756f4d 83934 libs standard
libgssrpc4_1.8.3+dfsg-4_amd64.deb
2abbffe1ff73ce96dec2a6d120789593 78176 libs standard
libkadm5srv-mit7_1.8.3+dfsg-4_amd64.deb
ed8ed3f9bb010ab34cedbcdeb2428528 64316 libs standard
libkadm5clnt-mit7_1.8.3+dfsg-4_amd64.deb
eaf82e5bf5901aaeb94fa874bbfd42cb 106048 libs standard
libk5crypto3_1.8.3+dfsg-4_amd64.deb
a27162905a17cd53f4dae7d5087a77c9 63806 libs standard
libkdb5-4_1.8.3+dfsg-4_amd64.deb
bfec6fb3653d7bc03d42cfd3b3aed95d 45686 libs standard
libkrb5support0_1.8.3+dfsg-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk0HowYACgkQ/I12czyGJg/bawCfWnGYjg9IZnyMbbtstl4Yp+Hb
ntwAoNunBzaf+VEzdojRq/S4bNcPE6WX
=jP9Z
-----END PGP SIGNATURE-----
--- End Message ---