[Bug 258236] krb5.conf man page

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 258236] krb5.conf man page"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 04 Sep 2021 18:27:53 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258236

Benjamin Kaduk <bjk@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bjk@FreeBSD.org

--- Comment #1 from Benjamin Kaduk <bjk@FreeBSD.org> ---
I think this is not a bug in FreeBSD, but rather an unfortunate consequence of
having two kerberos implementations installed, with MANPATH and PATH searching
in different orders.

The kerberos included in the base system is an older version of heimdal
kerberos, which notably does not include support for the RFC 8009 enctypes
(i.e., aes128-cts-hmac-sha256-128 and aes256-cts-hmac-sha384-192).  The
krb5.conf manual you are reading is from that same heimdal kerberos
distribution, and rightly does not document those enctypes.

Given that you can use the RFC 8009 enctypes (or, at least, see them offered),
you must have security/krb5 (or security/heimdal) installed.  It seems that
upstream heimdal has not updated the list of enctypes in their krb5.conf.5, and
a bug report against https://github.com/heimdal/heimdal/issues would be useful.
 MIT krb5 does not list enctypes in the krb5.conf manual directly, referencing
a list of encryption types in the kdc.conf manual instead, so you are surely
looking at a heimdal-derived krb5.conf manual.

-- 
You are receiving this mail because:
You are on the CC list for the bug.