There was a fix for some other ssh related bug, but this fix seems to
have fixed this bug too.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/675448
Title:
ssh does not
There was a fix for some other ssh related bug, but this fix seems to
have fixed this bug too.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/675448
Title:
ssh does not authenticate against kerberos
[Expired for openssh (Ubuntu) because there has been no activity for 60
days.]
** Changed in: openssh (Ubuntu)
Status: Incomplete = Expired
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
[Expired for openssh (Ubuntu) because there has been no activity for 60
days.]
** Changed in: openssh (Ubuntu)
Status: Incomplete = Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/675448
After fixing gss_init_sec_context by installing latest available gss-
libraries. The problem is mostly gone.
The remainig problem:
ssh -l tu auth - password asked
ssh -l tu auth.local - no password asked
is quite annoying. Digging further down into it.
--
ssh does not authenticate against
The remainig problem is by ssh: the client does not, regardless of
setting GSSAPITrustDNS to yes or no, correctly canonicalize the
given hostname.
--
ssh does not authenticate against kerberos
https://bugs.launchpad.net/bugs/675448
You received this bug notification because you are a member of
Conclusion:
the handbook shall state:
1. make sure your DNS configuration is correct. It is enough to test on *all*
clients:
- host fqdn
- host shortname (without domain)
- host ipaddr
should handle you the same address and name!
2. make sure your localhost is correct
- host
7. This goes out to the maintainer of the package: make the
configuration as minimal as possible. No stuff not necessary (except
comments). No useless entries. This is especially true for
/etc/krb5.conf! It isn't helpful at all having a bloated configuration
if you're looking for something like
After fixing gss_init_sec_context by installing latest available gss-
libraries. The problem is mostly gone.
The remainig problem:
ssh -l tu auth - password asked
ssh -l tu auth.local - no password asked
is quite annoying. Digging further down into it.
--
ssh does not authenticate against
The remainig problem is by ssh: the client does not, regardless of
setting GSSAPITrustDNS to yes or no, correctly canonicalize the
given hostname.
--
ssh does not authenticate against kerberos
https://bugs.launchpad.net/bugs/675448
You received this bug notification because you are a member of
Conclusion:
the handbook shall state:
1. make sure your DNS configuration is correct. It is enough to test on *all*
clients:
- host fqdn
- host shortname (without domain)
- host ipaddr
should handle you the same address and name!
2. make sure your localhost is correct
- host
7. This goes out to the maintainer of the package: make the
configuration as minimal as possible. No stuff not necessary (except
comments). No useless entries. This is especially true for
/etc/krb5.conf! It isn't helpful at all having a bloated configuration
if you're looking for something like
The error seems to be related to gss_init_sec_context. All host that
do not authenticate successful against krb5 breaking after Calling
gss_init_sec_context, while Delegating credentials. At this moment
the connection is closed.
This affects all tools using GSSAPI. I do not think this is a bug
** Attachment added: Not working host.
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/675448/+attachment/1745370/+files/bacula.log
--
ssh does not authenticate against kerberos
https://bugs.launchpad.net/bugs/675448
You received this bug notification because you are a member of
The error seems to be related to gss_init_sec_context. All host that
do not authenticate successful against krb5 breaking after Calling
gss_init_sec_context, while Delegating credentials. At this moment
the connection is closed.
This affects all tools using GSSAPI. I do not think this is a bug
** Attachment added: Not working host.
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/675448/+attachment/1745370/+files/bacula.log
--
ssh does not authenticate against kerberos
https://bugs.launchpad.net/bugs/675448
You received this bug notification because you are a member of
First of all, because it makes me angry: WHERE IS A WAY IN LAUNCHPAD TO
ACCESS BUGS REPORTED BY ME WITHOUT KNOWING THE BUG
ID??? Seems missing, was there. I'd really like to
have it back! Launchpad is nonsense if I can't access bug reports
without knowledge of the URL.
OK.
First of all, because it makes me angry: WHERE IS A WAY IN LAUNCHPAD TO
ACCESS BUGS REPORTED BY ME WITHOUT KNOWING THE BUG
ID??? Seems missing, was there. I'd really like to
have it back! Launchpad is nonsense if I can't access bug reports
without knowledge of the URL.
OK.
According to the log file:
keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An
According to the log file:
keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An
--
ssh does not authenticate against kerberos
https://bugs.launchpad.net/bugs/675448
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
21 matches
Mail list logo