AFS and tokenforwarding
mouring at etoh.eviladmin.org
Thu Oct 4 04:40:32 EST 2001
On 3 Oct 2001, Bjoern Groenvall wrote:
>
> I'm not sure I received the relevant emails pertaining to this
> discussion. Are you talking about the problems with including the
> required files under SunOS 5.7? Probably this is about some different
> issue?
>
> Cheers,
> Björn
>
Sorry about that.. Here is the attachment.. My mail program decided to eat
it for lunch. <sigh> Glad it was well fed.
I know nothing about this. Just trying to assure a correct solution is
proposed.
- Ben
--- openssh-2.9.9p2.orig/sshconnect1.c Sat Jul 14 04:17:00 2001
+++ openssh-2.9.9p2/sshconnect1.c Thu Sep 27 09:58:37 2001
@@ -1111,13 +1111,14 @@
ssh_userauth1(const char *local_user, const char *server_user, char *host,
Key **keys, int nkeys)
{
+
#ifdef KRB5
krb5_context context = NULL;
krb5_auth_context auth_context = NULL;
#endif
int i, type;
int payload_len;
-
+
if (supported_authentications == 0)
fatal("ssh_userauth1: server supports no auth methods");
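Review bot: The blank line added directly after the opening brace of ssh_userauth1() and the -/+ pair on the empty line after `int payload_len;` are whitespace-only changes unrelated to the AFS reordering. Drop them so the patch carries only the functional change; the same goes for the lone blank lines added in the 1202 and 1226 hunks.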
@@ -1139,6 +1140,23 @@
goto success;
if (type != SSH_SMSG_FAILURE)
packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
+#ifdef AFS
+ /* Try Kerberos v4 TGT passing if the server supports it. */
+ if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
+ options.kerberos_tgt_passing) {
+ if (options.cipher == SSH_CIPHER_NONE)
+ log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
+ send_krb4_tgt();
+ }
+ /* Try AFS token passing if the server supports it. */
+
+ if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
+ options.afs_token_passing && k_hasafs()) {
+ if (options.cipher == SSH_CIPHER_NONE)
+ log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
+ send_afs_tokens();
+ }
+#endif /* AFS */
#ifdef KRB5
if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
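Review bot: In the added `#ifdef AFS` block, send_krb4_tgt() and send_afs_tokens() now run right after the SSH_CMSG_USER reply and ahead of the KRB5, RSA and password attempts, so the TGT and AFS tokens are handed to the server before any authentication method has succeeded. Please add a comment saying why the credentials must precede the authentication attempts, since the existing comments only say "if the server supports it". In the same block, `options.cipher == SSH_CIPHER_NONE` only logs a warning and the send still happens; consider skipping the send in that case instead of transmitting in the clear. The empty added line after the "Try AFS token passing" comment can also go.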
@@ -1202,6 +1220,7 @@
goto success;
}
}
+
/* Try RSA authentication if the server supports it. */
if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
options.rsa_authentication) {
@@ -1226,6 +1245,7 @@
if (try_challenge_response_authentication())
goto success;
}
+
/* Try password authentication if the server supports it. */
if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
options.password_authentication && !options.batch_mode) {
@@ -1255,22 +1275,6 @@
krb5_free_context(context);
#endif
-#ifdef AFS
- /* Try Kerberos v4 TGT passing if the server supports it. */
- if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
- options.kerberos_tgt_passing) {
- if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
- send_krb4_tgt();
- }
- /* Try AFS token passing if the server supports it. */
- if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
- options.afs_token_passing && k_hasafs()) {
- if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
- send_afs_tokens();
- }
-#endif /* AFS */
return; /* need statement after label */
}
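Review bot: With the AFS block removed from just before the final `return;`, the early `goto success;` shown as context at the top of the 1139 hunk sits above the newly added block, so that path now reaches the end of the function without any TGT or token passing. If the success label precedes this code, as the "need statement after label" comment suggests, a server that accepts the user on SSH_CMSG_USER alone no longer receives the credentials that the old code sent. Either keep a call on the success path, guarded so the credentials are sent only once, or state in the patch description that dropping forwarding for that case is intended.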