Bug 129293
Summary: | kerberos ticket forwarding support on openssh | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Franco M. Bladilo <bladilo> |
Component: | openssh | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED WONTFIX | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.0 | CC: | dkelson, jdreed, seph |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-02-09 13:51:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Franco M. Bladilo
2004-08-05 22:30:35 UTC
Personally, I think this bug is more than just an "enhancement" Here at MIT we're running into this issue. The SPEC file for the SRPM has this neat little line in it: # Apply gss-specific patches only if the release tag includes "gss". (Not # to be used for actual releases until it's in the mainline.) if echo "%{release}" | grep -q gss; then %patch11 -p1 -b .gssapi autoreconf fi If you add 'gss' to the release tag, or simply comment out the "if" clause, and rebuild the RPM, the patch gets applied, and ssh behaves as expected. It's most unfortunate that the GSSAPI patch has been left out of the mainline release. It's been around for quite some time, and is in widespread use in other distributions. Without this patch, OpenSSH is mostly useless in any Kerberized infrastructure. Is there any chance that this patch can make into mainline releases before RHEL 4.0? Alternatively, can you provide two packages, one with GSSAPI, and one without, until such time? Having an OpenSSH client with Kerberos support in this half-broken state is alienating a number of large educational institutions. particularly as authconfig supports kerberos. Are there any plans to fix this, or has it fallen through the cracks since it's flagged as an enhancement? No, there are currently no such plans and note that the patch in the SRPM is incompatible with the gssapi implementation in the current openssh-3.9p1. |