Date: Sun, 29 Nov 2015 20:35:13 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 204899] security/py-kerberos: authGSSClientStep raises GSSError UNKNOWN_SERVER
Message-ID: <bug-204899-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204899

            Bug ID: 204899
           Summary: security/py-kerberos: authGSSClientStep raises GSSError
                    UNKNOWN_SERVER
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: dvl@FreeBSD.org
          Reporter: john@saltant.com
             Flags: maintainer-feedback?(dvl@FreeBSD.org)
          Assignee: dvl@FreeBSD.org

Summary:
========

When security/py-kerberos 1.1.1 is built with either GSSAPI_BASE or
GSSAPI_HEIMDAL, the first invocation of authGSSClientStep raises
kerberos.GSSError after failing to acquire a ticket for the krbtgt service on
the intended host rather than the specified service.

Expected result:
================

authGSSClientStep should request a service ticket for the specified service
and return successfully.

Test environment:
=================

I have three hosts (hostB, hostH, and hostM)---running security/py-kerberos
built with GSSAPI_BASE, GSSAPI_HEIMDAL, and GSSAPI_MIT respectively---in the
Kerberos realm EXAMPLE.COM, which is running an MIT Kerberos KDC on a third
host.

For each of the three hosts, I have created service principals for the
'example' service, and performed a kinit to obtain a TGT for my own user
principal.

Attached are three files showing the (sanitized) output of

    uname -a
    pkg info -xAf kerb heim krb5
    ktutil -k example.keytab l
    klist

on each of the three test hosts.

Test results:
=============

To demonstrate the failure, I use the test.py script from the upstream
PyKerberos-1.1.1 distribution. The invocation and output of the test script
are also attached for each of the three test hosts.

I observed the following log lines on the KDC during the failing test cases.

    UNKNOWN_SERVER: authtime 0, john@EXAMPLE.COM for krbtgt/hostB.example.com@EXAMPLE.COM, Server not found in Kerberos database
    UNKNOWN_SERVER: authtime 0, john@EXAMPLE.COM for krbtgt/hostH.example.com@EXAMPLE.COM, Server not found in Kerberos database

I observed the following log line on the KDC during the successful test case.

    ISSUE: authtime 1448823471, etypes {rep=18 tkt=18 ses=18}, john@EXAMPLE.COM for example/hostM.example.com@EXAMPLE.COM

Thereafter, on hostM, the output of kinit shows that the credential cache has
a ticket for example/hostM.example.com@EXAMPLE.COM.

Fix/Workaround:
===============

Unknown.

-- 
You are receiving this mail because:
You are the assignee for the bug.
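
The KDC log lines quoted in the report can be triaged mechanically to separate this symptom (a request for krbtgt/<hostname>) from ordinary unknown-service failures. The following is an added example, not part of the bug report or of PyKerberos; the function names and the upper-case-realm heuristic are assumptions, and the fourth sample line is constructed.

```python
import re

# Shape of the KDC lines quoted in the report:
#   <STATUS>: authtime <n>, [etypes {...}, ]<client> for <server>[, <reason>]
KDC_LINE = re.compile(
    r"(?P<status>[A-Z_]+): authtime (?P<authtime>\d+), "
    r"(?:etypes \{[^}]*\}, )?"
    r"(?P<client>\S+) for (?P<server>[^,\s]+)"
    r"(?:, (?P<reason>.*))?$"
)

# First three lines are from the report; the last one is constructed.
SAMPLE_LOG = [
    "UNKNOWN_SERVER: authtime 0, john@EXAMPLE.COM for krbtgt/hostB.example.com@EXAMPLE.COM, Server not found in Kerberos database",
    "UNKNOWN_SERVER: authtime 0, john@EXAMPLE.COM for krbtgt/hostH.example.com@EXAMPLE.COM, Server not found in Kerberos database",
    "ISSUE: authtime 1448823471, etypes {rep=18 tkt=18 ses=18}, john@EXAMPLE.COM for example/hostM.example.com@EXAMPLE.COM",
    "UNKNOWN_SERVER: authtime 0, john@EXAMPLE.COM for krbtgt/OTHER.EXAMPLE@EXAMPLE.COM, Server not found in Kerberos database",
]

def parse_line(line):
    """Return a dict for one KDC line, or None if it does not match."""
    m = KDC_LINE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    name, _, realm = rec["server"].rpartition("@")
    rec["components"], rec["realm"] = name.split("/"), realm
    return rec

def classify(rec):
    """Label one parsed record: issued, krbtgt-for-host, or other-failure."""
    comps = rec["components"]
    if rec["status"] == "ISSUE":
        return "issued"
    # Assumption: realm names are upper case by convention, so a krbtgt
    # instance containing lower-case letters is a hostname, not a realm.
    if (rec["status"] == "UNKNOWN_SERVER" and len(comps) == 2
            and comps[0] == "krbtgt" and comps[1] != comps[1].upper()):
        return "krbtgt-for-host"
    return "other-failure"

def triage(lines):
    """Return (server principal, verdict) for every line that parses."""
    return [(rec["server"], classify(rec))
            for rec in map(parse_line, lines) if rec is not None]

if __name__ == "__main__":
    for server, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:16} {server}")
```

Lines labelled krbtgt-for-host match the failing hostB and hostH cases; the constructed cross-realm line is reported as other-failure because its instance looks like a realm name.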