Date: Wed, 23 Feb 2005 21:28:57 -0800 From: Peter Losher <Peter_Losher@isc.org> To: ports@freebsd.org Subject: Patch to enable GSSAPI bits in openssh-portable Message-ID: <421D6619.3020502@isc.org>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF9DE48623C7EA7560CC23E73
Content-Type: multipart/mixed;
boundary="------------050308000803090209060004"
This is a multi-part message in MIME format.
--------------050308000803090209060004
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hi -
Attached are patches to ssh{d}_config to enable the relevant bits when
you compile Krb5/GSSAPI support in. (currently they are turned off)
They also enable PermitRootLogin without-password (for those who want to
allow authentication w/ a Krb5 ticket @root)
Please consider these patches for inclusion into the openssh-portable
port (when Krb5 support is detected and compiled in)
Best Wishes - Peter
--
Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | "The bits must flow"
--------------050308000803090209060004
Content-Type: text/plain;
name="patch-ssh_config+gssapi"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="patch-ssh_config+gssapi"
--- ssh_config.orig Fri Feb 18 21:11:35 2005
+++ ssh_config Fri Feb 18 21:12:03 2005
@@ -35,3 +35,4 @@
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
+GSSAPIAuthentication yes
--------------050308000803090209060004
Content-Type: text/plain;
name="patch-sshd_config+gssapi"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="patch-sshd_config+gssapi"
--- sshd_config.orig Fri Feb 18 21:10:13 2005
+++ sshd_config Fri Feb 18 21:11:28 2005
@@ -34,7 +34,7 @@
#LoginGraceTime 2m
#PermitRootLogin yes
-PermitRootLogin no
+PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
@@ -61,13 +61,13 @@
ChallengeResponseAuthentication no
# Kerberos options
-#KerberosAuthentication no
+KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
-#GSSAPIAuthentication no
+GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
--------------050308000803090209060004--
--------------enigF9DE48623C7EA7560CC23E73
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
iD8DBQFCHWYePtVx9OgEjQgRAooqAJ92KJmiXgYvf/H+rj/CHDhGDUVuIgCguGp3
nGIoG9kVAjFhbljRh73Do5M=
=SCJp
-----END PGP SIGNATURE-----
--------------enigF9DE48623C7EA7560CC23E73--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?421D6619.3020502>