[MacPorts] #55707: problem with kerberized ssh

Wed Jan 17 16:21:09 UTC 2018

#55707: problem with kerberized ssh
-----------------------+-----------------
 Reporter:  clhedrick  |      Owner:
     Type:  defect     |     Status:  new
 Priority:  Normal     |  Milestone:
Component:  ports      |    Version:
 Keywords:             |       Port:
-----------------------+-----------------
 This problem occurs only in a very specific situation. It results in a
 failure if you try to login using ssh with a kerberos ticket. The
 situation:

 krb5.conf has noaddresses = false, and doesn't list a kdc. In this
 situation Kerberos will discover the KDC from DNS. The discovery works
 fine for kinit. But if you try ssh you get an error. This error does not
 occur with noaddresses true, or if the kdc is specified. This problem does
 not occur with the same versions of kerberos and openssh on Linux.

 debug2: service_accept: ssh-userauth
 debug1: SSH2_MSG_SERVICE_ACCEPT received
 debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic
 ,keyboard-interactive
 debug1: Next authentication method: gssapi-with-mic
 debug1: Unspecified GSS failure.  Minor code may provide more information
 Incorrect net address

 debug2: we sent a gssapi-with-mic packet, wait for reply
 debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic
 ,keyboard-interactive
 debug2: we did not send a packet, disable method
 debug1: Next authentication method: keyboard-interactive
 debug2: userauth_kbdint
 debug2: we sent a keyboard-interactive packet, wait for reply
 debug2: input_userauth_info_req
 debug2: input_userauth_info_req: num_prompts 1
 Password:

--
Ticket URL: <https://trac.macports.org/ticket/55707>
MacPorts <https://www.macports.org/>
Ports system for macOS