[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 18 Jan 2023 23:46:37 UTC

--- Comment #62 from Cy Schubert <cy@FreeBSD.org> ---
(In reply to amendlik from comment #60)
The port flags itself as broken when the gssapi option is selected, stating
that the patch is not available.

Applying the patch for 8.9 will fail. Reworking the 8.9 patch is pointless
because the code has changed significantly enough to require rewriting the
patch. This is probably why Debian hasn't produced a patch yet, and IMO may
never will.

The port's Makefile has a comment that KERB_GSSAPI requires the GSSAPI patch,
which has now been implemented by OpenBSD in OpenSSH. One needs to test OpenSSH
without the KERB_GSSAPI patch.

BTW, the MIT and HEIMDAL options are independent of the KERB_GSSAPI option. I
don't know why KERB_GSSAPI is required when building the gssapi flavor when one
can build opehssh-portable with just the MIT option without the KERB_GSSAPI

You are receiving this mail because:
You are the assignee for the bug.