Is there any possibility that heimdal 1.1 that works beautifully in Current will be backported to FreeBSD-7.x? Gunnar Flygt Sveriges Radio Teknik/IT
I would like to second that. The heimdal in 7.0 is quite old. It is in fact inoperable with an mit kerberos realm when using ssh. The byte order is incorrect such that you get MIC checksum failures. After much googling (not documented in the krb5.conf man page or handbook) I found that a fix was added in the heimdal in 7.0, but defaults to the old incompatible byte order. The heimdal in current uses the correct byte order by default. For those having the this issue with freebsd 7.0 the fix is adding the following lines to /etc/krb5.conf: [gssapi] correct_des3_mic = host/*@SOME.REALM Gunnar Flygt wrote:> Is there any possibility that heimdal 1.1 that works beautifully in > Current will be backported to FreeBSD-7.x? > > Gunnar Flygt > Sveriges Radio Teknik/IT > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >
At 05:24 PM 10/6/2008, Galen Sampson wrote:>I would like to second that. The heimdal in 7.0 is quite old. It >is in fact inoperable with an mit kerberos realm when using >ssh. The byte order is incorrect such that you get MIC checksum >failures. After much googling (not documented in the krb5.conf man >page or handbook) I found that a fix was added in the heimdal in >7.0, but defaults to the old incompatible byte order. The heimdal >in current uses the correct byte order by default. For those having >the this issue with freebsd 7.0 the fix is adding the following >lines to /etc/krb5.conf: > >[gssapi] >correct_des3_mic = host/*@SOME.REALM > >Gunnar Flygt wrote: >>Is there any possibility that heimdal 1.1 that works beautifully in >>Current will be backported to FreeBSD-7.x? >> >>Gunnar Flygt >>Sveriges Radio Teknik/ITI think someone mentioned the possibility of post 7.1R. But not 100% sure ---Mike