GSSAPI patch sync from OpenBSD to Portable
Steven Michaud
smichaud at pobox.com
Sat Aug 23 05:37:30 EST 2003
See my note to this list "Re: updated gssapi diff" dated "2003-08-19
18:51:02". In order for MIT support not to be broken, you need the
patch from Douglas Engert mentioned in my note.

Also, in session.c the calls to ssh_gssapi_storecreds() need to come
before the calls to do_pam_session(), so that PAM can make use of any
gssapi credentials that may get stored in a per-session cache.

With these two changes, your openssh-gssapi-port.patch will look
something like what I've attached below.

Finally, I notice that you _did_ include one bit of PAM support from
Simon Wilkinson's patch -- on line 825 of configure.ac you add the line
"AC_CHECK_FUNCS(pam_putenv)". If you're willing to go that far, why not
go all the way? The only additional work is to copy Simon's
do_pam_putenv() to auth-pam.c, put a definition of this function into
auth-pam.h, and copy Simon's call to do_pam_putenv() to
ssh_gssapi_krb5_storecreds() in gss-serv-krb5.c.

> The PAM support is not there and gss-serv-krb5.c is broken somehow
> ("macro "krb5_cc_gen_new" passed 3 arguments, but takes just 2"). I know
> approximately zero Kerberos and I'm hoping someone who knows what they're
> doing can help sort this out. Any takers?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-gssapi-port.fixed.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030822/33b8ab82/attachment.txt