bugzilla-daemon at mindrot.org
2023-Dec-12 10:00 UTC
[Bug 3642] New: GSS treats hostnames case sensitive -> suggestion for docs of GSSAPIStrictAcceptorCheck setting
https://bugzilla.mindrot.org/show_bug.cgi?id=3642
Bug ID: 3642
Summary: GSS treats hostnames case sensitive -> suggestion for
docs of GSSAPIStrictAcceptorCheck setting
Product: Portable OpenSSH
Version: 9.5p1
Hardware: amd64
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: Kerberos support
Assignee: unassigned-bugs at mindrot.org
Reporter: alexander-opensshbugzilla at leidinger.net
Hi,
I have a host which has a different case in the kerberos DB than in
DNS.
krb5: host/test.example.com at REALM
DNS: test.Example.com (forward and reverse match in DNS)
If I try to do GSS API authentication, it fails. If I use
"GSSAPIStrictAcceptorCheck no" for sshd, it succeeds.
Searching in the net reveals that more people have this issue.
I suggest to add a note to the ssh docs that this setting is not only
for multihomed machines, but also for cases where the case of the
hostname may not match from all sources (command line vs DNS vs the
output of hostname).
--
You are receiving this mail because:
You are watching the assignee of the bug.
Maybe Matching Threads
- [Bug 2637] New: GSSAPIStrictAcceptorCheck should default to 'yes'
- creating Kerberos host principals for multiple hostnames, multihomed server
- [nut-Feature Requests][310492] Allow to specify hostnames in ACL (upsd.conf)
- GSSAPIKeyExchange and GSSAPIStrictAcceptorCheck
- [Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts