netbsd-bugs: bin/22114: kerberos-2@ssh.com problems

Subject: bin/22114: kerberos-2@ssh.com problems
To: None <gnats-bugs@gnats.netbsd.org>
From: Klaus Klein <kleink@reziprozitaet.de>
List: netbsd-bugs
Date: 07/10/2003 14:18:17

>Number:         22114
>Category:       bin
>Synopsis:       kerberos-2@ssh.com problems
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 10 12:20:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Klaus Klein
>Release:        NetBSD 1.6U
>Organization:
Frobozz Magic Standards Company
>Environment:
n/a

>Description:
	In my environment I have a Kerberos 5 KDC, and I'm using
	SSH publickey authentication as well.

	When the TGT has expired, ssh is (obviously) unable to perform 
	kerberos-2@ssh.com authentication.  However, sshd does not support
	falling back to publickey authentication and logs

		fatal: monitor_read: unpermitted request 39,

	although it does offer an "authentications that can continue"
	packet after the failure.

	With a destroyed credential cache file, this is not a problem.

>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: