OpenSSH Kerberos auth not working with 4.21.x keytabs as server principals are in caps/mixed case - keytab breaks RFC 4120, section 6.2.1, fix for 4.21.3 please?

Matt Grant matt at mattgrant.net.nz
Sun Dec 22 19:51:43 UTC 2024


Hi!


Thank you!


I'll keep you informed about how I'm doing with this patch. I've got 
OpenSSH working with sync_spns setting using the patch, and sssd by 
creating a special principal account_name machine keytab and setting 
ldap_krb5_keytab in sssd.conf.


Regards,


Matt Grant

On 22/12/24 00:53, Ralph Boehme wrote:
> Hi Matt,
>
> thanks for bringing this up! Besides a behaviour change we'll also 
> need tests to cover this.
>
> @Pavel: iirc you've been working on the keytab generation code 
> recently. Would you be able to look into this?
>
> Thanks!
> -slow
>
> On 12/21/24 8:03 AM, Matt Grant via samba-technical wrote:
>> Hi!
>>
>>
>> Any thoughts on including the fix for Bug #15759 for 4.21.3 please? 'sync 
>> machine password to keytab' sync_spns is producing non-functional 
>> keytabs - patch below to lower case default generated parts of service 
>> principal names in Unix keytabs
>>
>>
>> It's a major functionality breaker.
>>
>>
>> Thank you!
>>
>>
>> Matt Grant
>>
>>
>>
>>
>>
>


