Description of problem: ssh client crashes if it runs on a host that has a kerberos ticket present even if kerberos is not used for authentication. Version-Release number of selected component (if applicable): openssh-clients-4.3p2-4.10 How reproducible: Always. Steps to Reproduce: 1. kinit miffo.SE 2. ssh -v example.com Actual results: [snip] debug1: Host 'example.com' is known and matches the RSA host key. debug1: Found key in /home/user/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic *** glibc detected *** ssh: double free or corruption (top): 0x08263d30 *** ======= Backtrace: ========= /lib/libc.so.6[0x1a71cd] /lib/libc.so.6(cfree+0x90)[0x1a7360] /usr/lib/libkrb5.so.3(krb5_free_cred_contents+0x8d)[0x81cbbd] /usr/lib/libkrb5.so.3(krb5_free_creds+0x29)[0x81cc49] /usr/lib/libkrb5.so.3(krb5_free_tgt_creds+0x2e)[0x81cc8e] /usr/lib/libkrb5.so.3(krb5_get_credentials+0x1dc)[0x8173dc] /usr/lib/libgssapi_krb5.so.2(krb5_gss_init_sec_context+0xab9)[0xc8ef19] /usr/lib/libgssapi_krb5.so.2(gss_init_sec_context+0x71)[0xc93511] ssh[0x48cac3] ssh[0x48cc9c] ssh[0x46edad] ssh[0x46ef5d] ssh[0x46f62a] ssh[0x4869ab] ssh[0x46faed] ssh[0x469f81] ssh(main+0x1007)[0x4612c7] /lib/libc.so.6(__libc_start_main+0xdc)[0x15723c] ssh[0x45f581] Expected results: One should be able to log in to the host. Additional info: The KDC has strong Heimdal preference but I guess everybody knows that. Still, only Fedora software runs on the client so one cannot blame it on KDC. Destroying the ticket fixes the problem, the following output appears: [snip] debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Miscellaneous failure No credentials cache found debug1: Miscellaneous failure No credentials cache found debug1: Next authentication method: publickey So, my first guess is that the recent credential caching code has not been thoroughly tested...
*** This bug has been marked as a duplicate of 208102 ***