patch to ssh.c for KerberosTgtPassing and readability patches for config files and manpages
David M. Williams
d_wllms at lanl.gov
Sat Aug 10 07:51:42 EST 2002
Hey All,
Found a very minor problem with client implementation of
KerberosTgtPassing command line flag in ssh.c (first diff). We also
made some readability patches to the config files and manpages to make
the option clearer (the remainder of the diffs).
diffs are against -current
Index: ssh.c
===================================================================
RCS file: /cvs/openssh/ssh.c,v
retrieving revision 1.158
diff -u -r1.158 ssh.c
--- ssh.c 23 Jul 2002 21:03:03 -0000 1.158
+++ ssh.c 9 Aug 2002 21:43:30 -0000
@@ -159,8 +159,8 @@
_PATH_SSH_USER_CONFFILE);
fprintf(stderr, " -A Enable authentication agent
forwarding.\n");
fprintf(stderr, " -a Disable authentication agent
forwarding (default).\n");
-#ifdef AFS
- fprintf(stderr, " -k Disable Kerberos ticket and AFS
token forwarding.\n");
+#if defined (AFS) || defined (KRB5)
+ fprintf(stderr, " -k Disable SSH1 Kerberos V4/5 ticket
and AFS token forwarding.\n");
#endif /* AFS */
fprintf(stderr, " -X Enable X11 connection
forwarding.\n");
fprintf(stderr, " -x Disable X11 connection forwarding
(default).\n");
@@ -312,7 +312,7 @@
case 'A':
options.forward_agent = 1;
break;
-#ifdef AFS
+#if defined (AFS) || defined (KRB5)
case 'k':
options.kerberos_tgt_passing = 0;
options.afs_token_passing = 0;
Index: ssh.1
===================================================================
RCS file: /cvs/openssh/ssh.1,v
retrieving revision 1.119
diff -u -r1.119 ssh.1
--- ssh.1 23 Jun 2002 00:32:12 -0000 1.119
+++ ssh.1 9 Aug 2002 21:43:29 -0000
@@ -471,7 +471,7 @@
should use to communicate with a smartcard used for storing the user's
private RSA key.
.It Fl k
-Disables forwarding of Kerberos tickets and AFS tokens.
+Disables forwarding of Kerberos V4/5 tickets and AFS tokens under SSH
protocol 1.
This may also be specified on a per-host basis in the configuration file.
.It Fl l Ar login_name
Specifies the user to log in as on the remote machine.
Index: ssh_config.5
===================================================================
RCS file: /cvs/openssh/ssh_config.5,v
retrieving revision 1.1
diff -u -r1.1 ssh_config.5
--- ssh_config.5 21 Jun 2002 00:59:06 -0000 1.1
+++ ssh_config.5 9 Aug 2002 21:43:30 -0000
@@ -355,8 +355,8 @@
or
.Dq no .
.It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT will be forwarded to the server.
-This will only work if the Kerberos server is actually an AFS kaserver.
+Specifies whether Kerberos V4/5 TGT's will be forwarded to the server.
+This will only work with Kerberos V4 if the KDC is an AFS kaserver.
The argument to this keyword must be
.Dq yes
or
Index: sshd_config
===================================================================
RCS file: /cvs/openssh/sshd_config,v
retrieving revision 1.53
diff -u -r1.53 sshd_config
--- sshd_config 1 Aug 2002 01:28:39 -0000 1.53
+++ sshd_config 9 Aug 2002 21:43:30 -0000
@@ -66,7 +66,8 @@
#AFSTokenPassing no
-# Kerberos TGT Passing only works with the AFS kaserver
+# Specifies whether Kerberos V4/5 TGT's can be forwarded to the server.
+# Kerberos V4 TGT passing only works when KDC is an AFS kaserver.
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
Index: sshd_config.5
===================================================================
RCS file: /cvs/openssh/sshd_config.5,v
retrieving revision 1.5
diff -u -r1.5 sshd_config.5
--- sshd_config.5 1 Aug 2002 01:28:39 -0000 1.5
+++ sshd_config.5 9 Aug 2002 21:43:30 -0000
@@ -320,10 +320,10 @@
Default is
.Dq yes .
.It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT may be forwarded to the server.
+Specifies whether Kerberos V4/5 TGT's may be forwarded to the server.
Default is
-.Dq no ,
-as this only works when the Kerberos KDC is actually an AFS kaserver.
+.Dq no .
+This will only work with Kerberos V4 if the KDC is an AFS kaserver.
.It Cm KerberosTicketCleanup
Specifies whether to automatically destroy the user's ticket cache
file on logout.
More information about the openssh-unix-dev
mailing list