 |
 |
> So to be clear - you have isolated that only the macOS client triggers this? >> It's bizarre... on the public SSH box (CentOS 6.9 with FR 3.0.15), it fails with credentials from an IdP that runs pre-3.0.15 FreeRADIUS (and possibly an older version of OpenSSL). Once I update the IdP to FR 3.0.15, it all starts functioning! WTF! I really want to know what causes this! :-/ >> >> I'll roll some of the VMs back and see if this is related specifically to OpenSSL... :-/ In an unrelated search, I found this: http://web.mit.edu/macdev/KfM/Common/Documentation/faq-osx.html The interesting bit in this FAQ (discounting its age) is the problem of NAT and Kerberos tickets, and where it points out that applications requiring Channel Bindings may not work... :-/ Stefan Paetow Moonshot Industry & Research Liaison Coordinator t: +44 (0)1235 822 125 gpg: 0x3FCE5142 xmpp: [log in to unmask] skype: stefan.paetow.janet jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.