Bug 278517 - net/samba416 smbclient kerberos behaviour change
Status: New
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Timur I. Bakeyev
Reported: 2024-04-21 22:54 UTC by dewayne
Modified: 2024-04-22 13:42 UTC
bugzilla: maintainer-feedback? (timur)


Description dewayne 2024-04-21 22:54:32 UTC
Previous versions of SAMBA from 4.10-4.13 allowed
smbclient -k //HOST/USER -c pwd
which uses the cached principal.

As does SAMBA 4.16.11, but with the deprecation notice:
# smbclient -k //cute103.hs/dewayne -c pwd
WARNING: The option -k|--kerberos is deprecated!   <<<=== Issue

Using 
smbclient //cute103.hs/dewayne -c pwd
prompts for the principal password, as does
smbclient --use-kerberos=required //cute103.hs/dewayne -c pwd

Similarly, when adding to smb4.conf the following line
client use kerberos = required

Throughout this testing I have a 
  Issued                Expires               Principal
Apr 22 07:26:32 2024  Apr 22 17:26:39 2024  krbtgt/HS@HS
Apr 22 07:26:43 2024  Apr 22 17:26:39 2024  cifs/cute103.hs@HS

Is this an implementation issue or is this a SAMBA peculiarity - that being: 
even though a user has the user and service principal in their cache to either: prompt for the password; or be told that they're using deprecated functionality?

Please note I have a group of SAMBA standalone servers using Heimdal KDC and OpenLDAP (since 4.10.11) on FreeBSD 12.4S, 13.2S and 14.0-p5.