Hi, On Aug 24, 2010, at 15:45, Troy Dawson wrote:
> Hi, > We've talked about this and feel it isn't something we have the resources to > maintain. Please put this bug in with The Upstream Vendor (RedHat). the best way to proceed would probably be to create a clone of #531849 against 5.6? Jörgen, would you do it? - Stephan > > I'm sorry. > Troy > > Joergen Samson wrote: >> Hi, there is a bug in SL5's openssh client which is introduced by RetHat's >> openssh-4.3p2-gssapi-canohost.patch, if you use Kerberos5 authentication in >> conjunction with the "ProxyCommand" option. >> To verify the bug run >> ssh -v -o "ProxyCommand nc %h %p" -o "PasswordAuthentication no" -o >> "PubkeyAuthentication no" -o "GSSAPIAuthentication yes" $HOST "echo work >> s" >> on a host which allows login with a Kerberos5 ticket. >> On SL5 openssh fails with [...] >> debug1: Next authentication method: gssapi-with-mic >> debug1: An invalid name was supplied >> Hostname cannot be canonicalized >> [...] >> With a vanilla build of openssh this command succeeds. >> The fedora project already uses a fixed version of th >> openssh-4.3p2-gssapi-canohost.path >> http://cvs.fedoraproject.org/viewvc/rpms/openssh/devel/openssh-4.3p2-gssa >> pi-canohost.patch?sortdir=down&view=log >> Could you backport the fixed patch to the SL5 openssh packages? >> Cheers, >> Jörgen Samson > > > -- > __________________________________________________ > Troy Dawson daw...@fnal.gov (630)840-6468 > Fermilab ComputingDivision/LSCS/CSI/USS Group > __________________________________________________ -- Stephan Wiesand DESY -DV- Platanenallee 6 15738 Zeuthen, Germany
smime.p7s
Description: S/MIME cryptographic signature
