similar to: [Bug 1008] GSSAPI authentication fails with Round Robin DNS hosts

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #5 from simon at sxw.org.uk 2006-08-19 08:28 ------- There isn't an easy fix for this, at

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #16 from kgizdov <mindrot at kge.pw> --- Apparently, some good Samaritan already made patches compatible with the current version of OpenSSH. There is a package on the Arch User Repo (openssh-gssapi 7.1p2-1) that implements them. Here are the patches themselves:

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 ------- Additional Comments From dleonard at vintela.com 2005-06-08 22:16 ------- a workaround at http://blog.macnews.de/unspecific/stories/4581/ ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 ------- Comment #7 from jan.iven at cern.ch 2006-10-24 02:17 ------- Created an attachment (id=1202) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1202&action=view) (simplified patch - no config option) Given that the GSSAPI library will (unconditionally) use DNS anyway, perhaps we don't need yet another client-side config

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #9 from Simon Wilkinson <simon at sxw.org.uk> 2007-09-15 20:59:25 --- I've noted this on the mailing list too, but just for the record, the simplified patch is incorrect. GSSAPI != Kerberos, and even within the Kerberos space, some vendors ship with canonicalisation disabled. If we are going to ship a workaround for

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Colin Watson <cjwatson at debian.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cjwatson at debian.org --- Comment #15 from Colin Watson <cjwatson at debian.org> --- I think it would make

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #17 from Darren Tucker <dtucker at zip.com.au> --- (In reply to kgizdov from comment #16) > I hope this helps. Not really. Those have a lot of other changes (mostly the GSSAPI key exchange support) and it still uses get_canonical_hostname() which is currently not available in the client. According to Damien reasoning

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #20 from Christoph Anton Mitterer <calestyo at scientia.org> --- I think this was answered last year in this thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-May/040285.html and unfortunately it seems there won't be any merging of the GSSAPI patch. :-( There's:

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 Summary: GSSAPI authentication failes with Round Robin DNS hosts Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 DarioP <pellegrini.dario at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pellegrini.dario at gmail.com --- Comment #11 from DarioP <pellegrini.dario at gmail.com> --- (In reply to

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 kgizdov <mindrot at kge.pw> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mindrot at kge.pw --- Comment #12 from kgizdov <mindrot at kge.pw> --- I just wanted to chime in here to say that

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #13 from Darren Tucker <dtucker at zip.com.au> --- well it was never

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 --- Comment #14 from Mike Frysinger <vapier at gentoo.org> --- (In reply to Darren Tucker from comment #13) the original patch written in 2006 was against openbsd cvs, and it included a config option to turn it on/off (with the default being off). it largely applied cleanly up through 7.2 until the get_canonical_hostname refactor. since

https://bugzilla.mindrot.org/show_bug.cgi?id=1008 Eitan Adler <lists at eitanadler.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lists at eitanadler.com -- You are receiving this mail because: You are the assignee for the bug. You are

Hello All, I've encountered a problem with OpenSSH_3.7.1p2 and krb5 authentication that I did not have using previous OpenSSH versions and krb5. I have a group of machines that are all listed as addresses for hostname.domain.blah via round-robin dns. When attempting to ssh to hostname.here.blah using krb5 auth, I get the following error: (client side) debug1: Authentications that can

With pleasure we announce the release of tinc version 1.1pre16. Here is a summary of the changes in tinc 1.1pre16: * Fixed building with support for UML sockets. * Documentation updates and spelling fixes. * Support for MSS clamping of IP-in-IP packets. * Fixed parsing of the -b flag. * Added the ability to set a firemall mark on sockets on Linux. * Minor improvements to the build system.

With pleasure we announce the release of tinc version 1.1pre16. Here is a summary of the changes in tinc 1.1pre16: * Fixed building with support for UML sockets. * Documentation updates and spelling fixes. * Support for MSS clamping of IP-in-IP packets. * Fixed parsing of the -b flag. * Added the ability to set a firemall mark on sockets on Linux. * Minor improvements to the build system.

Hi, I have a linux server running kernel 2.6.19 that is connected with 2 seperate 100Mbit links to the same isp: +---+ +---------------+ | I | +---------------+ | | | S | | | | eth0 --+--------------+ P | | |

Somewhat belatedly, I'm pleased to announce the availability of my GSSAPI key exchange patches for OpenSSH 5.2p1. Apologies for the delay in getting these out, a honeymoon, followed by the pressure of work, made the first half of this year rather busy! Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the

From the better-late-than-never-department, I'm pleased to announce the availability of my GSSAPI Key Exchange patches for OpenSSH 5.3p1. This is a pretty minor maintenance release - it contains a couple of fixes to take into account changes to the underlying OpenSSH code, and a compilation fix for when GSSAPI isn't required. Thanks to Colin Wilson and Jim Basney for their bug reports.