[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 17 Dec 2022 04:59:46 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268186

--- Comment #26 from Cy Schubert <cy@FreeBSD.org> ---
(In reply to amendlik from comment #25)
This is likely because of some customization FreeIPA made to their MIT KRB5.
Red Hat does this too.

Rather than give you a precise and factual description of libraries, think of
them as "helpers" for an application. The Heimdal libraries ("helpers")
implement the KRB5 protocol differently than the MIT "helpers" do. You can see
the libraries ("helpers") associated with an app by running ldd against the app
or against another library.

What are the following set in your sshd_config?

GSSAPIAuthentication
KerberosAuthentication

Though even if those are set to "no," the Heimdal libraries are still loaded
and can still interfere with authentication because Heimdal function names are
the same as MIT function names -- reason for the patch I posted earlier.

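The two checks discussed in the comment above (which Kerberos libraries a binary loads, and what the two sshd_config keywords are set to) can be scripted. This is an added example, not part of the original comment or of the FreeBSD project's code; the function names, the library-name markers and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify `ldd` output (stdin) by which Kerberos implementation it pulls in.
# The library-name markers are assumptions based on common Heimdal and MIT
# builds; adjust them to what your system actually ships.
classify_krb_libs() {
    awk '
        /libheimbase|libhx509|libroken|libheimntlm/ { heimdal = 1 }
        /libk5crypto|libkrb5support|libgssapi_krb5/ { mit = 1 }
        END {
            if (heimdal && mit) print "mixed"
            else if (heimdal)   print "heimdal"
            else if (mit)       print "mit"
            else                print "none"
        }'
}

# Print the global value of one sshd_config keyword (config text on stdin).
# Keywords are case-insensitive, the first value seen wins, and parsing stops
# at the first Match block. Only the whitespace-separated "Keyword value"
# form is handled. Prints "unset" if the keyword never appears.
sshd_option() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }'
}

# Constructed sample input (not taken from the bug report).
SAMPLE_LDD='	libkrb5.so.3 => /usr/local/lib/libkrb5.so.3 (0x0)
	libk5crypto.so.3 => /usr/local/lib/libk5crypto.so.3 (0x0)
	libroken.so.11 => /usr/lib/libroken.so.11 (0x0)'
SAMPLE_CONF='# constructed sshd_config fragment
gssapiauthentication yes
GSSAPIAuthentication no
Match User alice
    KerberosAuthentication yes'

printf '%s\n' "$SAMPLE_LDD"  | classify_krb_libs
printf '%s\n' "$SAMPLE_CONF" | sshd_option GSSAPIAuthentication
printf '%s\n' "$SAMPLE_CONF" | sshd_option KerberosAuthentication
```

On a live host, pipe the output of ldd run against your sshd binary into `classify_krb_libs`, and the output of `sshd -T` into `sshd_option`; a result of "mixed" means both implementations are loaded into the same process.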