From nobody Wed Jan 18 23:46:37 2023 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Ny2Tp6x41z2v6CG for ; Wed, 18 Jan 2023 23:46:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Ny2Tp5vRVz4Qk6 for ; Wed, 18 Jan 2023 23:46:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1674085598; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PuI+TOsZZGM04u+Ri4wskA5OXHtMqkUQQDyhgI8EBl8=; b=vTd2ZepzVmUTetQEXOq85962LsuiYomZuIdkkuhWzu0Y1QaBDHU4jughGE5a3dti78cpuN kYHSm3a/X2XtC4Q8jLPPVliq02zaogCl4MYkzRwLoSSvfXdhgJKM5J5Mog5EF0cjwza20q MKhF3eTohvFDBjPQV2OsE1ssm2iKzPreWeAjTJYsB4eJPpKKmUTP67i+Y1N6dymmAp6zPd j53cdAw0drfYJbbAQg8fusA2nlW+Aq2f7FqVLtohoKTrbRQP3je79ZPr7/JuPSkevVMBhy MGFB9+Ya1bcdrHNxUYjIu79XKxcb2l+7SucDMh4Wloa7h6i654AhOqnhMcMjJA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674085598; a=rsa-sha256; cv=none; b=vfJY8NY1VWaSujVMZtAMsHvfUvMVkWPi/P5vRTHuVqbt+HmLt63HT3TIlzFxGmwTmFQ86t WlOebkOWiQWgbQtyp3Y1KPmpcFvUpcrV+PSQDt36z5CGejdaVB3l7SyPcglxJcEtofsUnZ xlq4Quz9qSCXJ8ksG0WACdCDwW7gEkP3I+cRT9NOeTGspraBazmm6z/F/PAWC01Smqihmx MqDus/WaXK8vN1q/YNfDCt2lwGTmXXF4MngJHUi3ZD7oU9Gz6R5YYkNAD4VW6C1RYgt2JP eww0QSzAaYh6SEBlg3Vckb0Oxx1UunkwoBws0CxP2DxgkklQsj6OnMApUaY14A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Ny2Tp4s8yzVcF for ; Wed, 18 Jan 2023 23:46:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 30INkcWb021814 for ; Wed, 18 Jan 2023 23:46:38 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 30INkcuN021813 for bugs@FreeBSD.org; Wed, 18 Jan 2023 23:46:38 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC Date: Wed, 18 Jan 2023 23:46:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: Unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: cy@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268186 --- Comment #62 from Cy Schubert --- (In reply to amendlik from comment #60) The port flags itself as broken when the gssapi option is selected, stating that the patch is not available. Applying the patch for 8.9 will fail. Reworking the 8.9 patch is pointless because the code has changed significantly enough to require rewriting the patch. This is probably why Debian hasn't produced a patch yet, and IMO may never will. The port's Makefile has a comment that KERB_GSSAPI requires the GSSAPI patc= h, which has now been implemented by OpenBSD in OpenSSH. One needs to test Ope= nSSH without the KERB_GSSAPI patch. BTW, the MIT and HEIMDAL options are independent of the KERB_GSSAPI option.= I don't know why KERB_GSSAPI is required when building the gssapi flavor when= one can build opehssh-portable with just the MIT option without the KERB_GSSAPI option. --=20 You are receiving this mail because: You are the assignee for the bug.=