Open SSH kerberos auth not working with 4.21.x keytabs as server principals are in caps/mixed case - keytab breaks RFS 4120, section 6.2.1, fix for 4.21.3 please?

pfilipensky at samba.org pfilipensky at samba.org
Wed Jan 8 16:15:34 UTC 2025


Hi Matt,

I am sorry, I have missed this mail. I will look at it now and if needed 
I will add the fix to samba-4.21.4.

Thank you!

Pavel


On 12/21/24 12:53 PM, Ralph Boehme via samba-technical wrote:
> Hi Matt,
>
> thanks for bringing this up! Besides a behaviour change we'll also 
> need tests to cover this.
>
> @Pavel: iirc you've ween working on the keytab generation code 
> recently. Would you be able to look into this?
>
> Thanks!
> -slow
>
> On 12/21/24 8:03 AM, Matt Grant via samba-technical wrote:
>> Hi!
>>
>>
>> Any thoughts on including fix for Bug #15759 for 4.21.3 please? 'sync 
>> machine password to keytab' sync_spns is producing non functional key 
>> tabs - patch below to lower case default generated parts of service 
>> principal names in Unix keytabs
>>
>>
>> Its a major functionality breaker.
>>
>>
>> Thank you!
>>
>>
>> Matt Grant
>>
>>
>>
>>
>>
>



More information about the samba-technical mailing list