[Bug 278517] net/samba416 smbclient kerberos behaviour change

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 21 Apr 2024 22:54:32 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278517

            Bug ID: 278517
           Summary: net/samba416 smbclient kerberos behaviour change
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: timur@FreeBSD.org
          Reporter: dewayne@heuristicsystems.com.au
          Assignee: timur@FreeBSD.org
             Flags: maintainer-feedback?(timur@FreeBSD.org)

Previous versions of SAMBA from 4.10-4.13 allowed
smbclient -k //HOST/USER -c pwd
which uses the cached principal.

As does SAMBA 4.16.11, but with the deprecation notice:
# smbclient -k //cute103.hs/dewayne -c pwd
WARNING: The option -k|--kerberos is deprecated!   <<<=== Issue

Using 
smbclient //cute103.hs/dewayne -c pwd
prompts for the principal password, as does
smbclient --use-kerberos=required //cute103.hs/dewayne -c pwd

Similarly, when adding to smb4.conf the following line
client use kerberos = required

Throughout this testing I have a 
  Issued                Expires               Principal
Apr 22 07:26:32 2024  Apr 22 17:26:39 2024  krbtgt/HS@HS
Apr 22 07:26:43 2024  Apr 22 17:26:39 2024  cifs/cute103.hs@HS

Is this an implementation issue or is this a SAMBA peculiarity - that being: 
even though a user has the user and service principal in their cache to either:
prompt for the password; or be told that they're using deprecated
functionality?

Please note I have a group of SAMBA standalone servers using heimdal kdc and
openldap (since 4.10.11) on FreeBSD 12.4S, 13.2S and 14.0-p5.

-- 
You are receiving this mail because:
You are the assignee for the bug.