Description of problem: Connecting with a ssh to a specific host that has gssapi authentication works with: krb5-libs-1.18-1.fc32.x86_64 When connecting using krb5-libs-1.18.2-9.fc32 I get: ssh -v hostname ... debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Generic error (see e-text) (there is no additional text)
Potentially related to: https://bugzilla.redhat.com/show_bug.cgi?id=1852041 if it turns out to be some name canonicalization bug
Sounds like a server misconfiguration issue, they have entries for both principals in the KDC, but the server fails to operate with one of them ? What is dns_canonicalize_hostname set to in your krb5.conf ? If it is set to fallback, try to change it to either true and see if it works that way.
Yeah, this is server misconfiguration issue - works with `dns_canonicalize_hostname = true` but not with `dns_canonicalize_hostname = false`. Can you file a bug? I'm not sure who runs the server in question or where to file bugs about it. (Simo's analysis of the problem in #c4 is correct, is what I'm saying.)
Closing this out since tickets have been filed with the problematic services.