Date: Tue, 19 Mar 2002 10:23:43 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Dag-Erling Smorgrav <des@ofug.org> Cc: John Hay <jhay@icomtek.csir.co.za>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/secure/usr.sbin/sshd Makefile Message-ID: <20020319162343.GA44817@hellblazer.nectar.cc> In-Reply-To: <xzp663sege6.fsf@flood.ping.uio.no> References: <200203191506.g2JF6HW11561@zibbi.icomtek.csir.co.za> <xzp663sege6.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 19, 2002 at 04:17:21PM +0100, Dag-Erling Smorgrav wrote: > Seems that OpenSSH includes the wrong heder for Kerberos 5, so it will > build if neither or both krb4 and krb5 are enabled, but not if only > one of them is. Yes, this is fixed in my version of OpenSSH-portable. I don't see how it ever worked for anybody :-) Here is a patch generated from my tree that contains some unrelated bits (GSS-API stuff). I think you can see the relatively simple change needed, however. Hope this helps, -- Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se Index: servconf.c =================================================================== RCS file: /home/NectarCVS/ssh/servconf.c,v retrieving revision 1.1.1.1.2.1 retrieving revision 1.1.1.1.4.4 diff -u -r1.1.1.1.2.1 -r1.1.1.1.4.4 --- servconf.c 20 Feb 2002 14:47:24 -0000 1.1.1.1.2.1 +++ servconf.c 20 Feb 2002 20:24:03 -0000 1.1.1.1.4.4 @@ -16,13 +16,7 @@ #include <krb.h> #endif #if defined(KRB5) -#ifdef HEIMDAL -#include <krb.h> -#else -/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V - * keytab */ -#define KEYFILE "/etc/krb5.keytab" -#endif +extern const char *krb5_defkeyname; #endif #ifdef AFS #include <kafs.h> @@ -88,6 +82,7 @@ options->gss_keyex=-1; options->gss_use_session_ccache = -1; options->gss_cleanup_creds = -1; + options->gss_server_name = NULL; #endif #if defined(KRB4) || defined(KRB5) options->kerberos_authentication = -1; @@ -129,6 +124,10 @@ void fill_default_server_options(ServerOptions *options) { + int krb4_keyfile, krb5_keyfile; + + krb4_keyfile = krb5_keyfile = 0; + /* Portable-specific options */ if (options->pam_authentication_via_kbd_int == -1) options->pam_authentication_via_kbd_int = 0; @@ -193,6 +192,12 @@ options->rsa_authentication = 1; if (options->pubkey_authentication == -1) options->pubkey_authentication = 1; +#ifdef KRB4 + krb4_keyfile = (access(KEYFILE, R_OK) == 0); +#endif +#ifdef KRB5 + krb5_keyfile = (access(krb5_defkeyname, R_OK) == 0); +#endif #ifdef GSSAPI if (options->gss_authentication == -1) options->gss_authentication = 1; @@ -202,10 +207,12 @@ options->gss_use_session_ccache = 1; if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; + if (options->gss_server_name == NULL) + options->gss_server_name = xstrdup(GSS_SERVER_NAME_SOCKET); #endif #if defined(KRB4) || defined(KRB5) if (options->kerberos_authentication == -1) - options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); + options->kerberos_authentication = krb4_keyfile||krb5_keyfile; if (options->kerberos_or_local_passwd == -1) options->kerberos_or_local_passwd = 1; if (options->kerberos_ticket_cleanup == -1) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020319162343.GA44817>