search

bstansell / conserver

Logged, multi-user access to device consoles
https://www.conserver.com/
BSD 3-Clause "New" or "Revised" License
129 stars 38 forks source link

Kerberos stopped working to ipa-server-4.9.12-11 #99

Open agialluc opened 6 months ago

agialluc commented 6 months ago

After our Identity and Access Management group updated their IPA server to ipa-server-4.9.12-11.module+el8.9.0+20824+f2605038.x86_64 our conservers stopped working with Kerberos authentication.

The OS system still works when using ssh as in 'ssh -AK $FQDN' so the system keytab and kerberos setup is working. However we can only connect via console if kerberos is disabled via 'KRB5_TRACE=/dev/stdout console $ARGS' and supplying the user password each time.

At present we are running:

rpm -qa | grep conserver

conserver-debuginfo-8.2.1-4.3.el7.x86_64 conserver-client-8.2.1-4.3.el7.x86_64 conserver-8.2.1-4.3.el7.x86_64

The server is running:

cat /etc/redhat-release

Red Hat Enterprise Linux Server release 7.9 (Maipo)

Is this something that can be looked at and possible fixed on this end ?

Thanks in Advance.

agialluc commented 6 months ago

I should note tracing on the server only shows: `[root@console ~]# KRB5_TRACE=/dev/stdout /usr/sbin/conserver

[Wed Feb 14 21:40:42 2024] conserver (153644): conserver.com version 8.2.1

[Wed Feb 14 21:40:42 2024] conserver (153644): started as root' byroot'

[Wed Feb 14 21:41:24 2024] conserver (153644): ERROR: GSSAPI didn't work, An invalid status code was supplied`