Re: heimdal 0.8.1 troubles

["Henry B. Hotz" <hotz@jpl.nasa.gov>]

On Jun 19, 2007, at 11:35 AM, vadim wrote:

> Hi all,
>
> I have openssh+heimdal-0.6.4 boxes and solaris 10 ssh boxes. As KDC I
> use MS AD.
>
> If I ssh from any of them to openssh+heimdal-0.8.1 I always get error
> message which sounds like "Decrypt integrity whatsoever failed".
>
> The fact, that heimdal-0.8.1 has troubles to be an GSSAPI acceptor  
> with
> heimdal-0.6.4 as an initiator is somehow surprising. In fact, I do not
> observe same problems between heimdal 0.6.4 and 0.7.2 (despite of the
> fact, that 0.6.4 has less interoperability issues with solaris 10
> kerberos implementation -:)).
>
> Can it be that something became fundamentally broken in heimdal 0.8.1?
>
> best regards, vadim tarassov

IIRC older Heimdal had some compatibility bug w.r.t. other K5/GSSAPI  
implementations.  There's probably some extra compatibility code in  
0.8.1 to work with the broken versions.

Love would know for sure.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu