[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ticket forwarding stopped working on Solaris with heimdal 0.7.x



Hello together,

as the subject tells the ticket forwarding does not work on Solaris8 with 
OpenSSH 4.3p1 linked against heimdal 0.7.1. My problem is quite equal to 
http://www.stacken.kth.se/lists/heimdal-discuss/2005-03/msg00066.html. 
The only difference is that it works perfectly if OpenSSH is linked 
against heimdal 0.6.3... On linux (SL3) I don't encounter these problems, 
either (same version of Heimdal and OpenSSH).

The tickets forwarded by the ssh client on Solaris include the ip address 
of the originating host - not the one of the destination host:

[mormo] ~ % /opt/products/openssh/4.3p1/bin/ssh -x -p1234 fuchur klist -v
Credentials cache: FILE:/tmp/krb5cc_l20242
         Principal: ahaupt@IFH.DE
     Cache version: 4

Server: krbtgt/IFH.DE@IFH.DE
Ticket etype: des-cbc-md5, kvno 119
Auth time:  Mar  1 08:24:13 2006
Start time: Mar  1 08:41:17 2006
End time:   Mar  2 09:41:17 2006
Ticket flags: transited-policy-checked
Addresses: IPv4:141.34.32.27

The ticket is not usable as you can imagine.

It's a client problem. Only connection initiated from Solaris have this 
problem. On the destination host the heimdal version doesn't matter.

Any hints?

Thanks and greetings
Andreas

-- 
| Andreas Haupt                      | E-Mail:  andreas.haupt@desy.de
|  DESY Zeuthen                      | WWW:     http://www.desy.de/~ahaupt
|  Platanenallee 6                   | Phone:   +49/33762/7-7359
|  D-15738 Zeuthen                   | Fax:     +49/33762/7-7216