Date:      Mon, 06 Oct 2008 14:24:31 -0700
From:      Galen Sampson <galen.sampson@gmail.com>
To:        Gunnar Flygt <flygt@sr.se>,  FreeBSD Stable <freebsd-stable@freebsd.org>
Subject:   Re: Possibility of backporting of Heimdal 1.1
Message-ID:  <48EA820F.1030109@gmail.com>
In-Reply-To: <20081006140255.GA74575@sr.se>
References:  <20081006140255.GA74575@sr.se>

I would like to second that.  The Heimdal in 7.0 is quite old.  It is in 
fact inoperable with an MIT Kerberos realm when using ssh.  The byte 
order is incorrect such that you get MIC checksum failures.  After much 
googling (not documented in the krb5.conf man page or handbook) I found 
that a fix was added in the Heimdal in 7.0, but defaults to the old 
incompatible byte order.  The Heimdal in current uses the correct byte 
order by default.  For those having this issue with FreeBSD 7.0 the 
fix is adding the following lines to /etc/krb5.conf:

[gssapi]
 correct_des3_mic = host/*@SOME.REALM

Gunnar Flygt wrote:
> Is there any possibility that heimdal 1.1 that works beautifully in
> Current will be backported to FreeBSD-7.x?
>
> Gunnar Flygt
> Sveriges Radio Teknik/IT