Public bug reported: Hi,
Upgrading from Natty to Oneiric upgrades krb5-user from version 1.8.3 +dfsg-5ubuntu2.1 to 1.9.1+dfsg-1ubuntu1. Immediately before the upgrade, I was able to SSH (to a network that uses an older KDC) using MIT Kerberos. Immediately following the upgrade, the connection fails with the following in the verbose output of SSH: debug1: Unspecified GSS failure. Minor code may provide more information KDC can't fulfill requested option Googling seems to indicate that this is a known bug in the 1.9.1 series of the Kerberos library, and that it has been resolved for 1.9.2. Compare the bug reports in RHL (https://bugzilla.redhat.com/show_bug.cgi?id=713518) and Archlinux (https://bugs.archlinux.org/task/25515), which both include a patch. I couldn't find any evidence that Debian has moved to 1.9.2--or applied this patch--yet, but I don't fully understand the mechanics of how updates trickle down from them. This is a fairly urgent bug because it completely prevents Kerberized SSH connection to any nodes using an older KDC. Thanks. ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/874439 Title: canonicalize fallback bug in krb5-user prevents ssh with older KDC To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/874439/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
