From owner-freebsd-stable@FreeBSD.ORG Mon Oct 6 21:44:33 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 899CC1065678 for ; Mon, 6 Oct 2008 21:44:33 +0000 (UTC) (envelope-from galen.sampson@gmail.com) Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.25]) by mx1.freebsd.org (Postfix) with ESMTP id 3AA808FC20 for ; Mon, 6 Oct 2008 21:44:33 +0000 (UTC) (envelope-from galen.sampson@gmail.com) Received: by qw-out-2122.google.com with SMTP id 9so675472qwb.7 for ; Mon, 06 Oct 2008 14:44:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=FCD/9Q2GtE/QBSE58wGxLh6jGhr8Nx5qJ/svAhRGleQ=; b=TQceIbJF1Lq7mPxTFrtHHZPbCQpPZe2Eyo25G45fn/vwmloFSHONdAv2WO9wgmbNku asosu1AYpcuEp2lYMHJsdvXnd/wTzSgD3VqQlS2f3Ud/WrX0Cq6WGicYX5kg15StWpuh RXAVxDrs+oimAD+qIcrrI+2wAypjzD1ymA5S8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=b0rbDnO9bdgGFlsZyFOp5O7WxK2yRuyyPiAQ/cJl5SPMPgY7r2NwfFFVVvpDsI0PX2 JJ+REuRWSYPXNh3NAsonFnWfd6xZ6inTrBNk/yUyPfZjg9419+Vcph20eIdW1fYk67Yy u2EXkS6Boe4vToz2stevxZf7t2ZjfcIs4h6eQ= Received: by 10.214.148.4 with SMTP id v4mr6679695qad.47.1223328272493; Mon, 06 Oct 2008 14:24:32 -0700 (PDT) Received: from ?192.168.0.101? (ip72-205-194-62.sb.sd.cox.net [72.205.194.62]) by mx.google.com with ESMTPS id i49sm7778917rne.19.2008.10.06.14.24.31 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 06 Oct 2008 14:24:32 -0700 (PDT) Message-ID: <48EA820F.1030109@gmail.com> Date: Mon, 06 Oct 2008 14:24:31 -0700 From: Galen Sampson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071031 Thunderbird/2.0.0.9 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: Gunnar Flygt , FreeBSD Stable References: <20081006140255.GA74575@sr.se> In-Reply-To: <20081006140255.GA74575@sr.se> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: Possibility of backporting of Heimdal 1.1 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2008 21:44:33 -0000 I would like to second that. The heimdal in 7.0 is quite old. It is in fact inoperable with an mit kerberos realm when using ssh. The byte order is incorrect such that you get MIC checksum failures. After much googling (not documented in the krb5.conf man page or handbook) I found that a fix was added in the heimdal in 7.0, but defaults to the old incompatible byte order. The heimdal in current uses the correct byte order by default. For those having the this issue with freebsd 7.0 the fix is adding the following lines to /etc/krb5.conf: [gssapi] correct_des3_mic = host/*@SOME.REALM Gunnar Flygt wrote: > Is there any possibility that heimdal 1.1 that works beautifully in > Current will be backported to FreeBSD-7.x? > > Gunnar Flygt > Sveriges Radio Teknik/IT > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >