Date: Tue, 07 Oct 2008 10:56:50 -0400 From: Mike Tancsa <mike@sentex.net> To: Galen Sampson <galen.sampson@gmail.com>, Gunnar Flygt <flygt@sr.se>, FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: Possibility of backporting of Heimdal 1.1 Message-ID: <200810071456.m97Eun8J064681@lava.sentex.ca> In-Reply-To: <48EA820F.1030109@gmail.com> References: <20081006140255.GA74575@sr.se> <48EA820F.1030109@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 05:24 PM 10/6/2008, Galen Sampson wrote:
>I would like to second that. The heimdal in 7.0 is quite old. It
>is in fact inoperable with an mit kerberos realm when using
>ssh. The byte order is incorrect such that you get MIC checksum
>failures. After much googling (not documented in the krb5.conf man
>page or handbook) I found that a fix was added in the heimdal in
>7.0, but defaults to the old incompatible byte order. The heimdal
>in current uses the correct byte order by default. For those having
>the this issue with freebsd 7.0 the fix is adding the following
>lines to /etc/krb5.conf:
>
>[gssapi]
>correct_des3_mic = host/*@SOME.REALM
>
>Gunnar Flygt wrote:
>>Is there any possibility that heimdal 1.1 that works beautifully in
>>Current will be backported to FreeBSD-7.x?
>>
>>Gunnar Flygt
>>Sveriges Radio Teknik/IT
I think someone mentioned the possibility of post 7.1R. But not 100% sure
---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810071456.m97Eun8J064681>