On systems with multiple IPv6 interfaces, kerberos tickets with addresses in them are not accepted by other hosts, with the following error: [nwhitehorn@banshee ~]$ telnet tiburon Trying 2001:4830:151a:d610:20f:b5ff:fefb:4219... Connected to tiburon.munuc.org. Escape character is '^]'. [ Trying mutual KERBEROS5 (host/tiburon.munuc.org@MUNUC.ORG)... ] [ Kerberos V5 refuses authentication because Read req failed: ASN.1 badly-formatted encoding ] [ Trying KERBEROS5 (host/tiburon.munuc.org@MUNUC.ORG)... ] [ Kerberos V5 refuses authentication because Read req failed: ASN.1 badly-formatted encoding ] (This also happens if I connect over IPv4) My tickets look like this: [nwhitehorn@banshee ~]$ klist -v Credentials cache: FILE:/tmp/krb5cc_1001 Principal: nwhitehorn@MUNUC.ORG Cache version: 4 Server: krbtgt/MUNUC.ORG@MUNUC.ORG Ticket etype: des3-cbc-sha1, kvno 1 Auth time: Nov 6 08:54:32 2007 End time: Nov 6 18:54:32 2007 Renew till: Nov 13 08:54:32 2007 Ticket flags: renewable, initial Addresses: IPv4:10.0.10.1, IPv6:2001:4830:151a:d610::1, IPv4:128.135.214.27, IPv4:128.135.214.16, IPv6:2001:4830:151a:d600::d610 I have also experienced this problem on a machine running FreeBSD/arm 7.0-CURRENT, one running FreeBSD/i386 5.5-STABLE, and one running 8.0-CURRENT on i386. Fix: Acquire the tickets with kinit --no-addresses. How-To-Repeat: Try to use kerberos tickets obtained on a multihomed IPv6 host.
Responsible Changed From-To: freebsd-bugs->kmacy I need to cross-reference this with the kth kerberos bug database to see if this has been fixed there.
Responsible Changed From-To: kmacy->freebsd-bugs kmacy has asked for all of his PRs to be reassigned, put back into the pool.
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped