[Bug 3642] New: GSS treats hostnames case sensitive -> suggestion for docs of GSSAPIStrictAcceptorCheck setting

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Dec 12 21:00:48 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3642

            Bug ID: 3642
           Summary: GSS treats hostnames case sensitive -> suggestion for
                    docs of GSSAPIStrictAcceptorCheck  setting
           Product: Portable OpenSSH
           Version: 9.5p1
          Hardware: amd64
                OS: FreeBSD
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Kerberos support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: alexander-opensshbugzilla at leidinger.net

Hi,

I have a host which has a different case in the kerberos DB than in
DNS.
   krb5: host/test.example.com at REALM
   DNS: test.Example.com    (forward and reverse match in DNS)

If I try to do GSS API authentication, it fails. If I use
"GSSAPIStrictAcceptorCheck no" for sshd, it succeeds.

Searching in the net reveals that more people have this issue.

I suggest to add a note to the ssh docs that this setting is not only
for multihomed machines, but also for cases where the case of the
hostname may not match from all sources (command line vs DNS vs the
output of hostname).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list