Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 3642] New: GSS treats hostnames case sensitive -> suggestion for docs of GSSAPIStrictAcceptorCheck setting
bugzilla-daemon at mindrot
Dec 12, 2023, 2:00 AM
Post #1 of 1 (49 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3642

Bug ID: 3642
Summary: GSS treats hostnames case sensitive -> suggestion for
docs of GSSAPIStrictAcceptorCheck setting
Product: Portable OpenSSH
Version: 9.5p1
Hardware: amd64
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: Kerberos support
Assignee: unassigned-bugs@mindrot.org
Reporter: alexander-opensshbugzilla@leidinger.net

Hi,

I have a host which has a different case in the kerberos DB than in
DNS.
krb5: host/test.example.com@REALM
DNS: test.Example.com (forward and reverse match in DNS)

If I try to do GSS API authentication, it fails. If I use
"GSSAPIStrictAcceptorCheck no" for sshd, it succeeds.

Searching in the net reveals that more people have this issue.

I suggest to add a note to the ssh docs that this setting is not only
for multihomed machines, but also for cases where the case of the
hostname may not match from all sources (command line vs DNS vs the
output of hostname).

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal