sshd kerberos broken after upgrading to 2.13.1

[Ping Yin]

with following configuration

[sshd]
kerberosKeytab = /home/git/review_site/etc/krb5.keytab
kerberosPrincipal = host/git.byted.org

at version 2.12.3, ssh with kerberos authentication works.
However, after upgrading to 2.13.1, this doesn't work.

the commandline:

$ ssh user...@git.example.com -p 29418
Permission denied (gssapi-with-mic,publickey).

I guess it may be related to the commit

commit c0a9d010d4843609f037d8f8124c2f59d6f39e24
Author: David Ostrovsky <da...@ostrovsky.org>
Date: Tue Apr 5 01:22:49 2016 +0200

Bump SSHD version to 1.2.0

Ping Yin

[Ping Yin]

with ssh -vvv ...

debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: gssapi-with-mic,publickey
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: gssapi-with-mic,publickey
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: gssapi-with-mic,publickey
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: gssapi-with-mic,publickey
debug2: we did not send a packet, disable method
Ping Yin

[Ping Yin]

Actually, it is due to this commit

commit cfc5a2cd5e41a4ac229a0b66ca3faf93d82aebe3
Merge: bec2064 e8a5214
Author: David Pursehouse <david.pu...@sonymobile.com>
Date: Tue Jan 19 12:35:37 2016 +0000

Merge "Update sshd-core to 1.0.0 and mina to 2.10"

After revert this commit, i can ssh again
Ping Yin

[Ping Yin]

Can anyone help?

343104481e83b99cce2941f372dd60bf54cf2d94 ok
e8a521447d50355cc6dd96d9b21f48688309f5e8 bad
$ ssh git.example.com -p 29418
Bad packet length 1737844323.
Disconnecting: Packet corrupt


git log --topo-order e8a521447d50355cc6dd96d9b21f48688309f5e8

commit e8a521447d50355cc6dd96d9b21f48688309f5e8
Author: David Ostrovsky <da...@ostrovsky.org>
Date: Mon Dec 7 15:01:03 2015 +0900

Update sshd-core to 1.0.0 and mina to 2.10

...

commit 343104481e83b99cce2941f372dd60bf54cf2d94
Merge: 92689ed 08cc835
Author: David Pursehouse <david.pu...@sonymobile.com>
Date: Fri Jan 8 07:41:04 2016 +0000

Merge "Buck: Wipe out the machinery for merging JARs"
Ping Yin

[luca.mi...@gmail.com]

Have you tried a revert of the commit on top of stable-2.13?

Luca

Sent from my iPhone

> --
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Ping Yin]

There are too many sshd related changes (after upgrading to 1.0.0,
then upgrade to 1.2.0), i failed to revert
Ping Yin

[Fei Li]

update: 

The exception message is GSSException: Token had invalid integrity check (Mechanism level: Corrupt checksum or sequence number in MIC token).

[Fei Li]

update:

I found the problem:

the value of getUsername() in version 2+ is `user...@DOMAIN.COM` but in version 1.0.0 it is `username`.

[Fei Li]

this is the commit:  https://github.com/apache/mina-sshd/commit/d19f5eca5714b7055b8655a46aeba0629c9dc05a#diff-6632304d23a69cec2f1da01ee1b4eb8f

[Fei Li]

I create a pr for this issue:  https://github.com/apache/mina-sshd/pull/26

[Ping Yin]

Thanks. This pr has been merged to master of sshd-core, and i verified it works.
Ping Yin