Public bug reported: There is a bug within eglibc [1] and [2] which breaks kerberos authentication functionality for ssh-servers behind NAT gateways as glibc does a rDNS cannonicalization of hostnames even if you specify "rdns=false" in krb5.conf.
There is a workaround implemented in MIT krb5 v. 1.10.2. [3]. The current maintenance release is 1.10.3. As the bug is still not fixed in eglibc, krb5 should be updated to at least 1.10.3 to fix this issue. [1] https://bugzilla.redhat.com/show_bug.cgi?id=714823 [2] https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1057526 [3] http://krbdev.mit.edu/rt/Ticket/Display.html?id=7124 ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1095757 Title: krb5 packages should be updated to v. >=1.10.2 to workaround bug with gssapi kerberos authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1095757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs