Date:      Tue, 17 Jan 2023 14:48:44 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC
Message-ID:  <bug-268186-227-607Sw7gWWR@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-268186-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268186

--- Comment #54 from Cy Schubert <cy@FreeBSD.org> ---
(In reply to amendlik from comment #53)
My hypothesis is confirmed.

My KDC's keys are encrypted using an older algorithm. I had exported the KDC
and imported it using new keys to update it ~ 15 years ago. It works with
Heimdal 1.5. Your keys in your KDC are encrypted using an algorithm not
supported by Heimdal.

The fix is to replace Heimdal in base with a newer Heimdal -- which I am
working on but a recent git bug is preventing further progress due to recurring
merge conflicts. (We git subtree merge and git rebase reassigns files in
src/crypto/heimdal into src/. This affects all vendor/* code at time of
import.)

The other alternative is to install ports/security/openssh-portable built
against ports/security/krb5.

Your two options are to:

1. Wait for Heimdal 7.8.0 to be imported into FreeBSD, sometime this summer or
autumn.

2. Install openssh-portable with MIT krb5. This must be done using the port
because the binary package is built using the base system Heimdal.

-- 
You are receiving this mail because:
You are the assignee for the bug.
