Date:      Sun, 06 Oct 2024 04:33:43 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 280407] Authentication fails when using pam_krb5.so
Message-ID:  <bug-280407-227-nXJnBoRWAU@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-280407-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280407

Cy Schubert <cy@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Not A Bug
             Status|Open                        |Closed

--- Comment #8 from Cy Schubert <cy@FreeBSD.org> ---
(In reply to Anderson Soares Ferreira from comment #6)

This is normal now. pam_krb5 was vulnerable to CVE-2023-3326. To avoid a rogue
client spoofing a legitimate client, one creates a principal for the client and
places its keytab on the client. The server knows the client is legitimate when
the client presents its key from the keytab to the KDC. The KDC compares the
key presented by the client from its keytab with the principal in the KDC
database.

Works as designed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
