https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280407
Cy Schubert <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |Not A Bug Status|Open |Closed --- Comment #8 from Cy Schubert <[email protected]> --- (In reply to Anderson Soares Ferreira from comment #6) This is normal now. pam_krb5 was vulnerable to CVE-2023-3326. To avoid a rogue client spoofing a legitimate client one create a principal for the client and place its keytab on the client. The server knows the client is legitimate When the client presents its key from the keytab to the KDC. The kdc compares the key presented by the client from its keytab with the principal in the KDC database. Works as designed. -- You are receiving this mail because: You are the assignee for the bug.
