[Bug 280407] Authentication fails when using pam_krb5.so

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 06 Oct 2024 04:33:43 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280407

Cy Schubert <cy@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Not A Bug
             Status|Open                        |Closed

--- Comment #8 from Cy Schubert <cy@FreeBSD.org> ---
(In reply to Anderson Soares Ferreira from comment #6)

This is normal now. pam_krb5 was vulnerable to CVE-2023-3326. To avoid a rogue
client spoofing a legitimate client, one creates a principal for the client and
places its keytab on the client. The server knows the client is legitimate when
the client presents its key from the keytab to the KDC. The KDC compares the
key presented by the client from its keytab with the principal in the KDC
database.

Works as designed.
