Red Hat Bugzilla – Bug 427303
can't log in using gssapi when also specifying an SELinux role
Last modified: 2008-01-03 12:47:18 EST
Description of problem:
The patches to sshd which allow it to recognize "user/role" as a user name cause
gssapi authentication to fail when the user's name is specified in this way.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up gssapi authentication.
2. Attempt to log in while specifying a role, even your default one (by
specifying "user/role", for example "root/unconfined_t" as a user).
Client fails to authenticate, falls back to pubkey or password-based auth. The
server logs this error:
Jan 2 20:34:24 blade sshd: GSSAPI MIC check failed
This is documented in section 4 of RFC4462 if a reference is needed.
Created attachment 290679 [details]
patch which seems to work for me