heimdal and mit incompatability when using GSSAPI
My college is kerberized, and so in many situations authentication is both faster and more secure using kerberos tickets. Sadly I have run into a problem.
The Heimdal included in FreeBSD seems to be incompatible with my school's servers running MIT kerberos when authenticating over gssapi.
For example ssh in verbose mode returns:
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: A token was invalid
Unknown error: 0
when I try to connect to oberon. This same connection works fine on another machine with MIT krb5.
Interestingly the tickets are issued even though the authentication fails:
[0:49] alex@Laptop: ~> klist
Credentials cache: FILE:/tmp/krb5cc_1001
Principal: boterola@REED.EDU
Issued Expires Principal
Feb 13 00:22:56 Feb 13 07:02:46 krbtgt/REED.EDU@REED.EDU
Feb 13 00:38:54 Feb 13 07:02:46 host/oberon.reed.edu@REED.EDU
I am also able to use GSSAPI in thunderbird (linux version with MIT krb5 libraries).
Does anyone have any insight into how to get GSSAPI authentication to work betwixt the default Heimdal in FreeBSD and our MIT-running servers?
Alex
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)