
Bug#413846: Acknowledgement (openssh-client: post-4.3p2-6 openssh gets kerberos-related hang (non-root only))



Russ Allbery <rra@debian.org> wrote:

> Jim Meyering <jim@meyering.net> writes:
>
>> You asked for details, so I've dug a little more.
>
>> I had an active Kerberos ticket for a domain that was currently only
>> partially accessible (VPN is up only some of the time, and sometimes
>> there are only partial routes).  When I run kdestroy, it removes the
>> file in /tmp that ssh was reading from (to get the name of the
>> unreachable system it hung on, while trying to "sendto").  Once that
>> file, /tmp/krb5cc_1000, was removed, ssh no longer needed the -o
>> 'GSSAPIAuthentication no' option to work properly.
>
>> Is that enough to go on?
>
> Ah, okay, so not Avahi.  You have a valid Kerberos configuration and
> active Kerberos tickets, so ssh wants to do GSSAPI authentication, but
> your connection to your Kerberos realm is very slow or just times out.  Is
> that a correct summary?

Almost.  The only difference is that there seems to be no time-out.
In one case today, I let ssh "hang" for well over an hour.

> I *hope* it's not particularly common to have Kerberos tickets for a realm
> that isn't responding.



