[Bug 1095757] Re: krb5 packages should be updated to v. >=1.10.2 to workaround bug with gssapi kerberos authentication

[Robie Basak]

Thank you for taking the time to report this bug and helping to make
Ubuntu better.

Both Ubuntu Raring and Debian sid are currently on 1.10.1+dfsg-3, so
this needs to be addressed with the new upstream release in Debian
first, and then Ubuntu will be able to sync.

If you need a backport to an existing Ubuntu release, then this should
be followed up in bug 571572. See
https://wiki.ubuntu.com/StableReleaseUpdates for policy and procedure
(we'll need a cherry-pick).

** Tags added: upgrade-software-version

** Changed in: krb5 (Ubuntu)
       Status: New => Triaged

** Changed in: krb5 (Ubuntu)
   Importance: Undecided => Medium

** Summary changed:

- krb5 packages should be updated to v. >=1.10.2 to workaround bug with gssapi kerberos authentication
+ Please update krb5 to new upstream release >=1.10.2

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1095757

Title:
  Please update krb5 to new upstream release >=1.10.2

Status in “krb5” package in Ubuntu:
  Triaged

Bug description:
  There is a bug within eglibc [1] and [2] which breaks kerberos
  authentication functionality for ssh-servers behind NAT gateways as
  glibc does a rDNS cannonicalization of hostnames even if you specify
  "rdns=false" in krb5.conf.

  There is a workaround implemented in MIT krb5 v. 1.10.2. [3].
  The current maintenance release is 1.10.3.

  As the bug is still not fixed in eglibc, krb5 should be updated to at
  least 1.10.3 to fix this issue.

  [1] https://bugzilla.redhat.com/show_bug.cgi?id=714823
  [2] https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1057526
  [3] http://krbdev.mit.edu/rt/Ticket/Display.html?id=7124

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1095757/+subscriptions