similar to: [Bug 1008] GSSAPI authentication failes with Round Robin DNS hosts

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 ------- Additional Comments From dleonard at vintela.com 2005-06-08 22:16 ------- a workaround at http://blog.macnews.de/unspecific/stories/4581/ ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #9 from Simon Wilkinson <simon at sxw.org.uk> 2007-09-15 20:59:25 --- I've noted this on the mailing list too, but just for the record, the simplified patch is incorrect. GSSAPI != Kerberos, and even within the Kerberos space, some vendors ship with canonicalisation disabled. If we are going to ship a workaround for

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 Summary: GSSAPI authentication failes with Round Robin DNS hosts Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 ------- Comment #7 from jan.iven at cern.ch 2006-10-24 02:17 ------- Created an attachment (id=1202) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1202&action=view) (simplified patch - no config option) Given that the GSSAPI library will (unconditionally) use DNS anyway, perhaps we don't need yet another client-side config

Dear all, (apologoies - this has nothing to do with 4.7 being out, but is rather a long-standing issue that regularly bites us). Is there anything I could do to further the case of https://bugzilla.mindrot.org/show_bug.cgi?id=1008 As a summary, GSSAPI auth against machine in a DNS load-balanced server farm fails. SSH-1 Kerberos works. DNS load-balanced farm: Individual machines in the farm

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 DarioP <pellegrini.dario at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pellegrini.dario at gmail.com --- Comment #11 from DarioP <pellegrini.dario at gmail.com> --- (In reply to

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 kgizdov <mindrot at kge.pw> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mindrot at kge.pw --- Comment #12 from kgizdov <mindrot at kge.pw> --- I just wanted to chime in here to say that

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #13 from Darren Tucker <dtucker at zip.com.au> --- well it was never

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #14 from Mike Frysinger <vapier at gentoo.org> --- (In reply to Darren Tucker from comment #13) the original patch written in 2006 was against openbsd cvs, and it included a config option to turn it on/off (with the default being off). it largely applied cleanly up through 7.2 until the get_canonical_hostname refactor. since

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Colin Watson <cjwatson at debian.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cjwatson at debian.org --- Comment #15 from Colin Watson <cjwatson at debian.org> --- I think it would make

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #16 from kgizdov <mindrot at kge.pw> --- Apparently, some good Samaritan already made patches compatible with the current version of OpenSSH. There is a package on the Arch User Repo (openssh-gssapi 7.1p2-1) that implements them. Here are the patches themselves:

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #17 from Darren Tucker <dtucker at zip.com.au> --- (In reply to kgizdov from comment #16) > I hope this helps. Not really. Those have a lot of other changes (mostly the GSSAPI key exchange support) and it still uses get_canonical_hostname() which is currently not available in the client. According to Damien reasoning

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Eitan Adler <lists at eitanadler.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lists at eitanadler.com -- You are receiving this mail because: You are the assignee for the bug. You are

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #20 from Christoph Anton Mitterer <calestyo at scientia.org> --- I think this was answered last year in this thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-May/040285.html and unfortunately it seems there won't be any merging of the GSSAPI patch. :-( There's:

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Oliver Freyermuth <o.freyermuth at googlemail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |o.freyermuth at googlemail.com --- Comment #19 from Oliver Freyermuth <o.freyermuth at

Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into the OpenSSH source? http://www.sxw.org.uk/computing/patches/openssh.html I'm sure I'm not the only one that uses it and would like to see it become part of the OpenSSH source. Is there something missing or is there some technical/philosophical reason for not including it?

http://bugzilla.mindrot.org/show_bug.cgi?id=928 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #2 from simon at sxw.org.uk 2006-08-19 08:31 ------- I'd rather see us move towards just using

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm pleased to (finally) announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for doing GSSAPI user authentication, this only allows the underlying security mechanism to authenticate the user to the server, and continues to use SSH host keys to authenticate the server to the

Hi, I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at: http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and the MIT Krb5 package from ports intstalled). I patched the src tree, reconfigured, recompiled, installed, and it works - except for Krb5 passwords or Krb5 tickets. And I really

An updated version of my patch for Kerberos v5 support is now available from http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch This patch includes updated Kerberos v5 support for protocol version 1, and also adds GSSAPI support for protocol version 2. Unlike the Kerberos v5 code (which will still not interoperate with ssh.com clients and servers), the GSSAPI support is based on