similar to: [Bug 1008] GSSAPI authentication fails with Round Robin DNS hosts

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #16 from kgizdov <mindrot at kge.pw> --- Apparently, some good Samaritan already made patches compatible with the current version of OpenSSH. There is a package on the Arch User Repo (openssh-gssapi 7.1p2-1) that implements them. Here are the patches themselves:

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #17 from Darren Tucker <dtucker at zip.com.au> --- (In reply to kgizdov from comment #16) > I hope this helps. Not really. Those have a lot of other changes (mostly the GSSAPI key exchange support) and it still uses get_canonical_hostname() which is currently not available in the client. According to Damien reasoning

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Colin Watson <cjwatson at debian.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cjwatson at debian.org --- Comment #15 from Colin Watson <cjwatson at debian.org> --- I think it would make

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #20 from Christoph Anton Mitterer <calestyo at scientia.org> --- I think this was answered last year in this thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-May/040285.html and unfortunately it seems there won't be any merging of the GSSAPI patch. :-( There's:

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 DarioP <pellegrini.dario at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pellegrini.dario at gmail.com --- Comment #11 from DarioP <pellegrini.dario at gmail.com> --- (In reply to

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #13 from Darren Tucker <dtucker at zip.com.au> --- well it was never

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #14 from Mike Frysinger <vapier at gentoo.org> --- (In reply to Darren Tucker from comment #13) the original patch written in 2006 was against openbsd cvs, and it included a config option to turn it on/off (with the default being off). it largely applied cleanly up through 7.2 until the get_canonical_hostname refactor. since

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Eitan Adler <lists at eitanadler.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lists at eitanadler.com -- You are receiving this mail because: You are the assignee for the bug. You are

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Oliver Freyermuth <o.freyermuth at googlemail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |o.freyermuth at googlemail.com --- Comment #19 from Oliver Freyermuth <o.freyermuth at

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #5 from simon at sxw.org.uk 2006-08-19 08:28 ------- There isn't an easy fix for this, at

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 ------- Additional Comments From dleonard at vintela.com 2005-06-08 22:16 ------- a workaround at http://blog.macnews.de/unspecific/stories/4581/ ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 ------- Comment #7 from jan.iven at cern.ch 2006-10-24 02:17 ------- Created an attachment (id=1202) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1202&action=view) (simplified patch - no config option) Given that the GSSAPI library will (unconditionally) use DNS anyway, perhaps we don't need yet another client-side config

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #9 from Simon Wilkinson <simon at sxw.org.uk> 2007-09-15 20:59:25 --- I've noted this on the mailing list too, but just for the record, the simplified patch is incorrect. GSSAPI != Kerberos, and even within the Kerberos space, some vendors ship with canonicalisation disabled. If we are going to ship a workaround for

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 Summary: GSSAPI authentication failes with Round Robin DNS hosts Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org

I finally decided to get a little source code dirt under my fingernails tonight and dig through chan_sip.c to understand how registrations are currently implemented. The hope is to perhaps at least seed some ideas about how to make registrations to a server name, which resolves to multiple IPs, either attempt each IP in the order they're returned by dns, or, simply attempt to register with

Hello All, I've encountered a problem with OpenSSH_3.7.1p2 and krb5 authentication that I did not have using previous OpenSSH versions and krb5. I have a group of machines that are all listed as addresses for hostname.domain.blah via round-robin dns. When attempting to ssh to hostname.here.blah using krb5 auth, I get the following error: (client side) debug1: Authentications that can

> > The internal DNS is NOT supporting round robin. As Rowland said use Bind9 > That's news to me! If so, then the internal DNS backed is not suitable for multiple DC's. (Though, I could've sworn it worked on versions 4.2+ < 4.7. It's on my to-do list to explore this further with different versions.)

I want to add another server to my existing Samba environment and use DNS round robin to do load balancing. Both will use same smb.conf. Is anyone out there using this kind of setup? I have few quick questions: 1. Can "interfaces" statement be used in DNS round robin. If yes, then how? 2. Should "preferred master= yes" be defined on both boxes? Thanks.

Hello, Our service has multiple Samba servers to serve up the same directories for our users. The users map to a single address, which directs them to a server by round-robin DNS. This hasn't really been a problem until recently. One user in particular complains that he loses his session, often in the middle of editing a document, causing problems with Windows file locking and he says he

Hi, Using ctdb, is it a valid setup to have : CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses containing only one ip address, thus with no round-robin. Is there a particular hard-coded limit that doesn't allow this? -- Nicolas Ecarnot