patch to ssh.c for KerberosTgtPassing and readability patches for config files and manpages

David M. Williams d_wllms at lanl.gov
Sat Aug 10 07:51:42 EST 2002


Hey All,
    Found a very minor problem with the client implementation of the 
KerberosTgtPassing command line flag in ssh.c (first diff).  We also 
made some readability patches to the config files and manpages to make 
the option clearer (the remainder of the diffs).

diffs are against -current


Index: ssh.c
===================================================================
RCS file: /cvs/openssh/ssh.c,v
retrieving revision 1.158
diff -u -r1.158 ssh.c
--- ssh.c       23 Jul 2002 21:03:03 -0000      1.158
+++ ssh.c       9 Aug 2002 21:43:30 -0000
@@ -159,8 +159,8 @@
             _PATH_SSH_USER_CONFFILE);
        fprintf(stderr, "  -A          Enable authentication agent 
forwarding.\n");
        fprintf(stderr, "  -a          Disable authentication agent 
forwarding (default).\n");
-#ifdef AFS
-       fprintf(stderr, "  -k          Disable Kerberos ticket and AFS 
token forwarding.\n");
+#if defined (AFS) || defined (KRB5)
+       fprintf(stderr, "  -k          Disable SSH1 Kerberos V4/5 ticket 
and AFS token forwarding.\n");
 #endif                         /* AFS */
        fprintf(stderr, "  -X          Enable X11 connection 
forwarding.\n");
        fprintf(stderr, "  -x          Disable X11 connection forwarding 
(default).\n");
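Review bot: The `#endif /* AFS */` line is left unchanged although the guard it closes is now `#if defined (AFS) || defined (KRB5)`, so the trailing comment no longer matches the condition. Update it to `/* AFS || KRB5 */`. The usage strings in this hunk are also wrapped in the middle of the string literals as posted, so the patch will not apply cleanly; resend it with line wrapping disabled or as an attachment.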
@@ -312,7 +312,7 @@
                case 'A':
                        options.forward_agent = 1;
                        break;
-#ifdef AFS
+#if defined (AFS) || defined (KRB5)
                case 'k':
                        options.kerberos_tgt_passing = 0;
                        options.afs_token_passing = 0;
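Review bot: Inside the widened guard, `case 'k'` still assigns `options.afs_token_passing = 0;`, and nothing in this hunk shows that field being available when only KRB5 is defined. Please confirm that a build with KRB5 and without AFS compiles, or keep that assignment under its own `#ifdef AFS`. The matching `#endif` is outside the visible context; if it carries an `/* AFS */` comment it needs the same update as the one in the usage hunk.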
Index: ssh.1
===================================================================
RCS file: /cvs/openssh/ssh.1,v
retrieving revision 1.119
diff -u -r1.119 ssh.1
--- ssh.1       23 Jun 2002 00:32:12 -0000      1.119
+++ ssh.1       9 Aug 2002 21:43:29 -0000
@@ -471,7 +471,7 @@
 should use to communicate with a smartcard used for storing the user's
 private RSA key.
 .It Fl k
-Disables forwarding of Kerberos tickets and AFS tokens.
+Disables forwarding of Kerberos V4/5 tickets and AFS tokens under SSH 
protocol 1.
 This may also be specified on a per-host basis in the configuration file.
 .It Fl l Ar login_name
 Specifies the user to log in as on the remote machine.
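Review bot: The new `.It Fl k` text says "under SSH protocol 1" while the usage string changed in ssh.c says "SSH1"; pick one wording for the protocol restriction and use it in both places. The unchanged sentence that follows ("may also be specified on a per-host basis in the configuration file") would be clearer if it named the keyword, for example a reference to KerberosTgtPassing in ssh_config(5).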
Index: ssh_config.5
===================================================================
RCS file: /cvs/openssh/ssh_config.5,v
retrieving revision 1.1
diff -u -r1.1 ssh_config.5
--- ssh_config.5        21 Jun 2002 00:59:06 -0000      1.1
+++ ssh_config.5        9 Aug 2002 21:43:30 -0000
@@ -355,8 +355,8 @@
 or
 .Dq no .
 .It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT will be forwarded to the server.
-This will only work if the Kerberos server is actually an AFS kaserver.
+Specifies whether Kerberos V4/5 TGT's will be forwarded to the server.
+This will only work with Kerberos V4 if the KDC is an AFS kaserver.
 The argument to this keyword must be
 .Dq yes
 or
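Review bot: The KerberosTgtPassing entry does not carry the protocol 1 restriction that the same patch adds to the `-k` description in ssh.1, so a reader of ssh_config.5 alone would not learn that the option applies to SSH protocol 1 only. Add that qualifier here as well. Also, "TGT's" is a plural, not a possessive; write "TGTs".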
Index: sshd_config
===================================================================
RCS file: /cvs/openssh/sshd_config,v
retrieving revision 1.53
diff -u -r1.53 sshd_config
--- sshd_config 1 Aug 2002 01:28:39 -0000       1.53
+++ sshd_config 9 Aug 2002 21:43:30 -0000
@@ -66,7 +66,8 @@
 
 #AFSTokenPassing no
 
-# Kerberos TGT Passing only works with the AFS kaserver
+# Specifies whether Kerberos V4/5 TGT's can be forwarded to the server.
+# Kerberos V4 TGT passing only works when KDC is an AFS kaserver.
 #KerberosTgtPassing no
 
 # Set this to 'yes' to enable PAM keyboard-interactive authentication
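Review bot: In the two new comment lines, "TGT's" should be "TGTs" and "when KDC is" is missing its article ("when the KDC is"). The first line says TGTs "can be forwarded" while the sshd_config.5 hunk says "may be forwarded"; use the same verb in both so the sample config and the manpage read alike.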
Index: sshd_config.5
===================================================================
RCS file: /cvs/openssh/sshd_config.5,v
retrieving revision 1.5
diff -u -r1.5 sshd_config.5
--- sshd_config.5       1 Aug 2002 01:28:39 -0000       1.5
+++ sshd_config.5       9 Aug 2002 21:43:30 -0000
@@ -320,10 +320,10 @@
 Default is
 .Dq yes .
 .It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT may be forwarded to the server.
+Specifies whether Kerberos V4/5 TGT's may be forwarded to the server.
 Default is
-.Dq no ,
-as this only works when the Kerberos KDC is actually an AFS kaserver.
+.Dq no .
+This will only work with Kerberos V4 if the KDC is an AFS kaserver.
 .It Cm KerberosTicketCleanup
 Specifies whether to automatically destroy the user's ticket cache
 file on logout.
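Review bot: Splitting `.Dq no ,` from the kaserver sentence removes the only stated reason for the default. The old text justified "no" by the kaserver limitation; the new text says that limitation applies to Kerberos V4 only, so the page no longer explains why forwarding stays off by default when V5 is in use. Either add a sentence giving the reason for the default or confirm that leaving it unexplained is intended. "TGT's" should be "TGTs" here too.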




