[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 05 Dec 2022 23:24:00 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268186
Bug ID: 268186
Summary: Kerberos authentication fails with a Linux/FreeIPA KDC
Product: Base System
Version: Unspecified
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: bugs@FreeBSD.org
Reporter: amendlik@gmail.com
When using a Linux-based FreeIPA server as the KDC, users cannot authenticate
to FreeBSD hosts using SSH with GSSAPI. Errors from sshd indicate the
encryption algorithm used in the service ticket is not supported:
debug3: receive packet: type 61 [preauth]
debug3: mm_request_send: entering, type 44 [preauth]
debug3: mm_request_receive_expect: entering, type 45 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 44
debug1: Miscellaneous failure (see text)
encryption type 20 not supported
debug1: Got no client credentials
debug3: mm_request_send: entering, type 45
debug3: userauth_finish: failure partial=0 next
methods="publickey,gssapi-with-mic" [preauth]
Encryption type 20 refers to the aes256-cts-hmac-sha384-192 algorithm. It is
defined in RFC8009 (https://www.rfc-editor.org/rfc/rfc8009.html#section-7) and
has been supported since Heimdal 7.0.1, released in 2016.
Looking at the FreeBSD base system, we are on Heimdal 1.5.2, released in 2012.
Are there any plans to update Heimdal in the base system to a more recent
version?
--
You are receiving this mail because:
You are the assignee for the bug.