Date: Wed, 23 Feb 2005 21:28:57 -0800 From: Peter Losher <Peter_Losher@isc.org> To: ports@freebsd.org Subject: Patch to enable GSSAPI bits in openssh-portable Message-ID: <421D6619.3020502@isc.org>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigF9DE48623C7EA7560CC23E73 Content-Type: multipart/mixed; boundary="------------050308000803090209060004" This is a multi-part message in MIME format. --------------050308000803090209060004 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi - Attached are patches to ssh{d}_config to enable the relevant bits when you compile Krb5/GSSAPI support in. (currently they are turned off) They also enable PermitRootLogin without-password (for those who want to allow authentication w/ a Krb5 ticket @root) Please consider these patches for inclusion into the openssh-portable port (when Krb5 support is detected and compiled in) Best Wishes - Peter -- Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | "The bits must flow" --------------050308000803090209060004 Content-Type: text/plain; name="patch-ssh_config+gssapi" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch-ssh_config+gssapi" --- ssh_config.orig Fri Feb 18 21:11:35 2005 +++ ssh_config Fri Feb 18 21:12:03 2005 @@ -35,3 +35,4 @@ # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ +GSSAPIAuthentication yes --------------050308000803090209060004 Content-Type: text/plain; name="patch-sshd_config+gssapi" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch-sshd_config+gssapi" --- sshd_config.orig Fri Feb 18 21:10:13 2005 +++ sshd_config Fri Feb 18 21:11:28 2005 @@ -34,7 +34,7 @@ #LoginGraceTime 2m #PermitRootLogin yes -PermitRootLogin no +PermitRootLogin without-password #StrictModes yes #MaxAuthTries 6 @@ -61,13 +61,13 @@ ChallengeResponseAuthentication no # Kerberos options -#KerberosAuthentication no +KerberosAuthentication yes #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options -#GSSAPIAuthentication no +GSSAPIAuthentication yes #GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, --------------050308000803090209060004-- --------------enigF9DE48623C7EA7560CC23E73 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCHWYePtVx9OgEjQgRAooqAJ92KJmiXgYvf/H+rj/CHDhGDUVuIgCguGp3 nGIoG9kVAjFhbljRh73Do5M= =SCJp -----END PGP SIGNATURE----- --------------enigF9DE48623C7EA7560CC23E73--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?421D6619.3020502>