Possibility of backporting of Heimdal 1.1
Mike Tancsa
mike at sentex.net
Tue Oct 7 14:57:02 UTC 2008
At 05:24 PM 10/6/2008, Galen Sampson wrote:
>I would like to second that. The heimdal in 7.0 is quite old. It
>is in fact inoperable with an mit kerberos realm when using
>ssh. The byte order is incorrect such that you get MIC checksum
>failures. After much googling (not documented in the krb5.conf man
>page or handbook) I found that a fix was added in the heimdal in
>7.0, but defaults to the old incompatible byte order. The heimdal
>in current uses the correct byte order by default. For those having
>the this issue with freebsd 7.0 the fix is adding the following
>lines to /etc/krb5.conf:
>
>[gssapi]
>correct_des3_mic = host/*@SOME.REALM
>
>Gunnar Flygt wrote:
>>Is there any possibility that heimdal 1.1 that works beautifully in
>>Current will be backported to FreeBSD-7.x?
>>
>>Gunnar Flygt
>>Sveriges Radio Teknik/IT
I think someone mentioned the possibility of post 7.1R. But not 100% sure
---Mike
More information about the freebsd-stable
mailing list