[Bug 3642] New: GSS treats hostnames case sensitive -> suggestion for docs of GSSAPIStrictAcceptorCheck setting
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Dec 12 21:00:48 AEDT 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3642
Bug ID: 3642
Summary: GSS treats hostnames case sensitive -> suggestion for
docs of GSSAPIStrictAcceptorCheck setting
Product: Portable OpenSSH
Version: 9.5p1
Hardware: amd64
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: Kerberos support
Assignee: unassigned-bugs at mindrot.org
Reporter: alexander-opensshbugzilla at leidinger.net
Hi,
I have a host which has a different case in the kerberos DB than in
DNS.
krb5: host/test.example.com at REALM
DNS: test.Example.com (forward and reverse match in DNS)
If I try to do GSS API authentication, it fails. If I use
"GSSAPIStrictAcceptorCheck no" for sshd, it succeeds.
Searching in the net reveals that more people have this issue.
I suggest to add a note to the ssh docs that this setting is not only
for multihomed machines, but also for cases where the case of the
hostname may not match from all sources (command line vs DNS vs the
output of hostname).
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list