[PATCH] Re: Kerberos support for portable
Simon Wilkinson
sxw at dcs.ed.ac.uk
Sat Nov 17 22:40:51 EST 2001
> FWIW, here are further patches which allow openssh-3.0p1 to work
> with paleo-MIT Kerberos5 1.0.6, more or less (more with tickets
> and less with the auth_krb5_password {get,verify}_init_creds stuff).
Thanks for these. Unfortunately, your vrs patches seem to be based on
an earlier version of my patch than the one you're bundling. In particular,
your patch adds back in the incorrect replay cache code (it uses the wrong
cache name), and takes out the use_uid calls that are necessary to make
verify_init_creds() work correctly. It also adds back in the xfree() calls
in auth1.c that I removed - these have to be removed to make it work reliably.
Finally there are a couple of patches to the rijandel code that don't seem
related?
I am right in thinking that the basic change that is required is to
conditionally remove auth_krb5_password (or just make it a stub that
does nothing useful) if built against old MIT Kerberoses?
Cheers,
Simon.
More information about the openssh-unix-dev
mailing list