[kouril: Re: [Fwd: Kerberos buglet in OpenSSH-3.3p1]]

Daniel Kouril kouril at ics.muni.cz
Wed Jun 26 20:38:29 EST 2002


resending to the whole mailing list ..
----- Forwarded message from kouril -----

Date: Wed, 26 Jun 2002 11:50:14 +0200
To: Damien Miller <djm at mindrot.org>
Subject: Re: [Fwd: Kerberos buglet in OpenSSH-3.3p1]
User-Agent: Mutt/1.2.5i
In-Reply-To: <1025084114.12959.0.camel at mothra.mindrot.org>; from djm at mindrot.org on Wed, Jun 26, 2002 at 07:35:14PM +1000

On Wed, Jun 26, 2002 at 07:35:14PM +1000, Damien Miller wrote:
> Can anyone with Heimdal KrbV verify this?

Content-Description: Forwarded message - Kerberos buglet in OpenSSH-3.3p1
> X-URL: http://www.ofug.org/~des/
> X-Disclaimer: The views expressed in this message do not necessarily
> 	coincide with those of any organisation or company with which I am or have
> 	been affiliated.
> To: djm at mindrot.org
> Subject: Kerberos buglet in OpenSSH-3.3p1
> From: Dag-Erling Smorgrav <des at ofug.org>
> Date: 25 Jun 2002 14:52:10 +0200
> User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2
> 
> servconf.c includes the wrong header for Kerberos V:
> 
> --- servconf.c   24 Jun 2002 22:46:15 -0000      1.111
> +++ servconf.c   25 Jun 2002 01:16:22 -0000
> @@ -17,7 +17,7 @@
>  #endif
>  #if defined(KRB5)
>  #ifdef HEIMDAL
> -#include <krb.h>
> +#include <krb5.h>
>  #else
>  /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
>   * keytab */
> 
I don't know why KEYFILE is defined at all. It's not used anywhere in ssh. I
think it's a legacy definition from (approx.) 3.0.2p1 , where existence of 
the file was tested during testing whether or not to use Kerberos.

So, the answer is yes, you can change it. But you also can remove the 
#include entirely.

--
Dan

----- End forwarded message -----



More information about the openssh-unix-dev mailing list