Kerberos authentication issues after upgrading to SLES12 SP2

This document (7022536) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 Service Pack 2 (SLES 12 SP2)

Situation

After upgrading to SLES12 SP2 from any earlier SUES Linux Enterprise version or service pack, kerberos authentication may break.

Kerberos 'key exchange' authentication over SSH is known to break, while other forms of kerberos authentication may continue to work.

Resolution

If possible, roll back the upgrade to it's previous version and configuration.

Alternatively, replacing the sshd and ssh binaries with those from a SLES12 Service Pack 1 server may provide a temporary work-around but please note that this is an unsupported configuration.

Cause

Bug. No details yet available.

Additional Information

Before upgrading to SLES12 Service Pack 2, please conduct test upgrades of any Kerberos configuration to see if it is still functional after the upgrade and post-upgrade patching process.

It is unclear if SLES12 Service Pack 3 is also affected.

This document will be updated once a permanent solution is available.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.