Date: Wed, 9 Aug 2000 07:18:17 -0700 (PDT) From: Mark.Andrews@nominum.com To: freebsd-gnats-submit@FreeBSD.org Subject: misc/20504: [PATCH] ssh (openssh) cannot connect to sshd (ssh.com) using kerberos5 Message-ID: <20000809141817.266F737BD9E@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 20504 >Category: misc >Synopsis: [PATCH] ssh (openssh) cannot connect to sshd (ssh.com) using kerberos5 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Aug 09 07:20:01 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Mark Andrews >Release: 4.1 STABLE >Organization: Nominum >Environment: FreeBSD drugs.dv.isc.org 4.1-STABLE FreeBSD 4.1-STABLE #0: Tue Aug 8 18:01:02 EST 2000 marka@drugs.dv.isc.org:/usr/obj/usr/src/sys/DRUGS i386 >Description: openssh and ssh.com disagree about which protocol values should be used w/ kerberos5. The patch below allows ssh from openssh to connect to sshd from ssh.com. >How-To-Repeat: Find a site running a sshd from ssh.com and try to connect to it with ssh (openssh) compiled w/ kerberos5. /etc/make.conf MAKE_KERBEROS5= yes apply fixes in misc/20502 and misc/18995 ~/.ssh/config kerberos5authentication yes kerberos5tgtpassing yes >Fix: ZGlmZiAtdXIgY3J5cHRvL29wZW5zc2gvcmVhZGNvbmYuYyBjcnlwdG8vb3BlbnNzaC9yZWFk Y29uZi5jCi0tLSBjcnlwdG8vb3BlbnNzaC9yZWFkY29uZi5jCU1vbiBKdWwgMzEgMTc6NDc6 MzcgMjAwMAorKysgY3J5cHRvL29wZW5zc2gvcmVhZGNvbmYuYwlXZWQgQXVnICA5IDIyOjUx OjA5IDIwMDAKQEAgLTk4LDcgKzk4LDcgQEAKIAlvS3JiNEF1dGhlbnRpY2F0aW9uLAogI2Vu ZGlmIC8qIEtSQjQgKi8KICNpZmRlZiBLUkI1Ci0Jb0tyYjVBdXRoZW50aWNhdGlvbiwgb0ty YjVUZ3RQYXNzaW5nLAorCW9LcmI1QXV0aGVudGljYXRpb24sIG9LcmI1VGd0UGFzc2luZywg b0tyYjVPdmVyS3JiNCwKICNlbmRpZiAvKiBLUkI1ICovCiAjaWZkZWYgQUZTCiAJb0tyYjRU Z3RQYXNzaW5nLCBvQUZTVG9rZW5QYXNzaW5nLApAQCAtMTMzLDYgKzEzMyw3IEBACiAjaWZk ZWYgS1JCNQogCXsgImtlcmJlcm9zNWF1dGhlbnRpY2F0aW9uIiwgb0tyYjVBdXRoZW50aWNh dGlvbiB9LAogCXsgImtlcmJlcm9zNXRndHBhc3NpbmciLCBvS3JiNVRndFBhc3NpbmcgfSwK Kwl7ICJrZXJiZXJvczVvdmVya2VyYmVyb3M0Iiwgb0tyYjVPdmVyS3JiNCB9LAogI2VuZGlm IC8qIEtSQjUgKi8KICNpZmRlZiBBRlMKIAl7ICJrZXJiZXJvczR0Z3RwYXNzaW5nIiwgb0ty YjRUZ3RQYXNzaW5nIH0sCkBAIC0zMzEsNiArMzMyLDEwIEBACiAJY2FzZSBvS3JiNVRndFBh c3Npbmc6CiAJCWludHB0ciA9ICZvcHRpb25zLT5rcmI1X3RndF9wYXNzaW5nOwogCQlnb3Rv IHBhcnNlX2ZsYWc7CisKKwljYXNlIG9LcmI1T3ZlcktyYjQ6CisJCWludHB0ciA9ICZvcHRp b25zLT5rcmI1X292ZXJfa3JiNDsKKwkJZ290byBwYXJzZV9mbGFnOwogI2VuZGlmIC8qIEtS QjUgKi8KIAogI2lmZGVmIEFGUwpAQCAtNjc0LDYgKzY3OSw3IEBACiAjaWZkZWYgS1JCNQog CW9wdGlvbnMtPmtyYjVfYXV0aGVudGljYXRpb24gPSAtMTsKIAlvcHRpb25zLT5rcmI1X3Rn dF9wYXNzaW5nID0gLTE7CisJb3B0aW9ucy0+a3JiNV9vdmVyX2tyYjQgPSAtMTsKICNlbmRp ZiAvKiBLUkI1ICovCiAjaWZkZWYgQUZTCiAJb3B0aW9ucy0+a3JiNF90Z3RfcGFzc2luZyA9 IC0xOwpAQCAtNzQzLDYgKzc0OSw4IEBACiAJCW9wdGlvbnMtPmtyYjVfYXV0aGVudGljYXRp b24gPSAxOwogCWlmIChvcHRpb25zLT5rcmI1X3RndF9wYXNzaW5nID09IC0xKQogCQlvcHRp b25zLT5rcmI1X3RndF9wYXNzaW5nID0gMTsKKwlpZiAob3B0aW9ucy0+a3JiNV9vdmVyX2ty YjQgPT0gLTEpCisJCW9wdGlvbnMtPmtyYjVfb3Zlcl9rcmI0ID0gMDsKICNlbmRpZiAvKiBL UkI1ICovCiAjaWZkZWYgQUZTCiAJaWYgKG9wdGlvbnMtPmtyYjRfdGd0X3Bhc3NpbmcgPT0g LTEpCmRpZmYgLXVyIGNyeXB0by9vcGVuc3NoL3JlYWRjb25mLmggY3J5cHRvL29wZW5zc2gv cmVhZGNvbmYuaAotLS0gY3J5cHRvL29wZW5zc2gvcmVhZGNvbmYuaAlGcmkgSnVuICA5IDE3 OjEwOjIwIDIwMDAKKysrIGNyeXB0by9vcGVuc3NoL3JlYWRjb25mLmgJV2VkIEF1ZyAgOSAy Mjo0Mzo0MCAyMDAwCkBAIC00Nyw2ICs0Nyw3IEBACiAjaWZkZWYgS1JCNQogCWludAlrcmI1 X2F1dGhlbnRpY2F0aW9uOwogCWludAlrcmI1X3RndF9wYXNzaW5nOworCWludAlrcmI1X292 ZXJfa3JiNDsKICNlbmRpZiAvKiBLUkI1ICovCiAKICNpZmRlZiBBRlMKZGlmZiAtdXIgY3J5 cHRvL29wZW5zc2gvc3NoY29ubmVjdC5jIGNyeXB0by9vcGVuc3NoL3NzaGNvbm5lY3QuYwot LS0gY3J5cHRvL29wZW5zc2gvc3NoY29ubmVjdC5jCUZyaSBKdW4gIDkgMTc6MTA6MjEgMjAw MAorKysgY3J5cHRvL29wZW5zc2gvc3NoY29ubmVjdC5jCVdlZCBBdWcgIDkgMjM6MDE6MDEg MjAwMApAQCAtNzI0LDcgKzcyNCw4IEBACiAgICAgIGdvdG8gb3V0OwogICB9CiAgIAotICBw YWNrZXRfc3RhcnQoU1NIX0NNU0dfQVVUSF9LUkI1KTsKKyAgcGFja2V0X3N0YXJ0KG9wdGlv bnMua3JiNV9vdmVyX2tyYjQgPworCSAgICAgICBTU0hfQ01TR19BVVRIX0tSQjQgOiBTU0hf Q01TR19BVVRIX0tSQjUpOwogICBwYWNrZXRfcHV0X3N0cmluZygoY2hhciAqKSBhcC5kYXRh LCBhcC5sZW5ndGgpOwogICBwYWNrZXRfc2VuZCgpOwogICBwYWNrZXRfd3JpdGVfd2FpdCgp OwpAQCAtNzQwLDYgKzc0MSwxMSBAQAogICAgICAgICAgICAgICAgIHJldCA9IDA7CiAgICAg ICAgICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgIGNhc2UgU1NIX1NNU0dfQVVUSF9LUkI0 X1JFU1BPTlNFOgorCQlpZiAoIW9wdGlvbnMua3JiNV9vdmVyX2tyYjQpCisJCQlnb3RvIGZh aWw7CisJCS8qRkFMTFRIUk9VR0gqLworCiAgICAgICAgICBjYXNlIFNTSF9TTVNHX0FVVEhf S1JCNV9SRVNQT05TRToKICAgICAgICAgICAgICAgICAvKiBTU0hfU01TR19BVVRIX0tSQjVf U1VDQ0VTUyAqLwogICAgICAgICAgICAgICAgIGRlYnVnKCJLZXJiZXJvcyBWNSBhdXRoZW50 aWNhdGlvbiBhY2NlcHRlZC4iKTsKQEAgLTc1OCw2ICs3NjQsNyBAQAogCQlicmVhazsKIAkK IAlkZWZhdWx0OgorCWZhaWw6CiAJCXBhY2tldF9kaXNjb25uZWN0KCJQcm90b2NvbCBlcnJv ciBvbiBLZXJiZXJvcyBWNSByZXNwb25zZTogJWQiLCB0eXBlKTsKIAkJcmV0ID0gMDsgCiAJ CWJyZWFrOwpAQCAtODUyLDcgKzg1OSw4IEBACiAgICAgIGdvdG8gb3V0OwogICB9CiAgIAot ICBwYWNrZXRfc3RhcnQoU1NIX0NNU0dfSEFWRV9LUkI1X1RHVCk7CisgIHBhY2tldF9zdGFy dChvcHRpb25zLmtyYjVfb3Zlcl9rcmI0ID8KKwkgICAgICAgU1NIX0NNU0dfSEFWRV9LUkI0 X1RHVCA6IFNTSF9DTVNHX0hBVkVfS1JCNV9UR1QpOwogICBwYWNrZXRfcHV0X3N0cmluZygo Y2hhciAqKW91dGJ1Zi5kYXRhLCBvdXRidWYubGVuZ3RoKTsKICAgcGFja2V0X3NlbmQoKTsK ICAgcGFja2V0X3dyaXRlX3dhaXQoKTsKZGlmZiAtdXIgY3J5cHRvL29wZW5zc2gvc3NoY29u bmVjdDEuYyBjcnlwdG8vb3BlbnNzaC9zc2hjb25uZWN0MS5jCi0tLSBjcnlwdG8vb3BlbnNz aC9zc2hjb25uZWN0MS5jCUZyaSBKdW4gIDkgMTc6MTA6MjEgMjAwMAorKysgY3J5cHRvL29w ZW5zc2gvc3NoY29ubmVjdDEuYwlXZWQgQXVnICA5IDIzOjA1OjIyIDIwMDAKQEAgLTk1OSw3 ICs5NTksOSBAQAogI2VuZGlmIC8qIEtSQjQgKi8KIAogI2lmZGVmIEtSQjUKLQlpZiAoKHN1 cHBvcnRlZF9hdXRoZW50aWNhdGlvbnMgJiAoMSA8PCBTU0hfQVVUSF9LUkI1KSkgJiYKKwlp ZiAoKChzdXBwb3J0ZWRfYXV0aGVudGljYXRpb25zICYgKDEgPDwgU1NIX0FVVEhfS1JCNSkp IHx8CisJICAgICAoKHN1cHBvcnRlZF9hdXRoZW50aWNhdGlvbnMgJiAoMSA8PCBTU0hfQVVU SF9LUkI0KSkgJiYKKwkgICAgICBvcHRpb25zLmtyYjVfb3Zlcl9rcmI0KSkgJiYKIAkgICAg IG9wdGlvbnMua3JiNV9hdXRoZW50aWNhdGlvbil7CiAJCWtyYjVfY29udGV4dCBzc2hfY29u dGV4dCA9IE5VTEw7CiAJCWtyYjVfYXV0aF9jb250ZXh0IGF1dGhfY29udGV4dCA9IE5VTEw7 Cg== >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000809141817.266F737BD9E>