Public bug reported:
In jammy:
root@j1:~# saslpluginviewer | head | grep SPNEGO
root@j1:~#
Confirming against a windows 2016 active directory server, fully patched:
root@j1:~# ldapwhoami -Y GSS-SPNEGO
ldap_sasl_interactive_bind: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
gssapi (kerberos) works:
root@j1:~# ldapwhoami -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: administra...@internal.example.fake
SASL SSF: 256
SASL data security layer installed.
u:INTEXAMPLE\Administrator
root@j1:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@internal.example.fake
Valid starting Expires Service principal
01/08/22 22:31:48 01/09/22 08:31:48
krbtgt/internal.example.f...@internal.example.fake
renew until 01/09/22 22:31:45
01/08/22 22:34:53 01/09/22 08:31:48
ldap/win-kriet1e5elo.internal.example.fake@
renew until 01/09/22 22:31:45
Ticket server:
ldap/win-kriet1e5elo.internal.example.f...@internal.example.fake
In focal, GSS-SPNEGO works:
root@f1:~# saslpluginviewer | head | grep SPNEGO
GS2-IAKERB GS2-KRB5 SCRAM-SHA-1 SCRAM-SHA-256 GSSAPI GSS-SPNEGO DIGEST-MD5
EXTERNAL NTLM CRAM-MD5 PLAIN LOGIN ANONYMOUS
GS2-IAKERB GS2-KRB5 SCRAM-SHA-1 SCRAM-SHA-256 GSSAPI GSS-SPNEGO DIGEST-MD5
NTLM CRAM-MD5 PLAIN LOGIN ANONYMOUS
Confirming with ldapwhoami:
root@f1:~# ldapwhoami -Y GSS-SPNEGO
SASL/GSS-SPNEGO authentication started
SASL username: administra...@internal.example.fake
SASL SSF: 256
SASL data security layer installed.
u:INTEXAMPLE\Administrator
** Affects: cyrus-sasl2 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1956833
Title:
No GSS-SPNEGO support in jammy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1956833/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
