GSSAPI patch sync from OpenBSD to Portable
Ben Lindstrom
mouring at etoh.eviladmin.org
Sat Aug 23 05:58:54 EST 2003
KNF the gss_serv_krb5.c code please before you commit it.
Missing a license for makegssname.pl. Also, any reason why this is not
included in the OpenBSD tree? If it is important it should be included
upstream.
- Ben
On Fri, 22 Aug 2003, Steven Michaud wrote:
> See my note to this list "Re: updated gssapi diff" dated "2003-08-19
> 18:51:02". In order for MIT support not to be broken, you need the
> patch from Douglas Engert mentioned in my note.
>
> Also, in session.c the calls to ssh_gssapi_storecreds() need to come
> before the calls to do_pam_session(), so that PAM can make use of any
> gssapi credentials that may get stored in a per-session cache.
>
> With these two changes, your openssh-gssapi-port.patch will look
> something like what I've attached below.
>
> Finally, I notice that you _did_ include one bit of PAM support from
> Simon Wilkinson's patch -- on line 825 of configure.ac you add the line
> "AC_CHECK_FUNCS(pam_putenv)". If you're willing to go that far, why not
> go all the way? The only additional work is to copy Simon's
> do_pam_putenv() to auth-pam.c, put a definition of this function into
> auth-pam.h, and copy Simon's call to do_pam_putenv() to
> ssh_gssapi_krb5_storecreds() in gss-serv-krb5.c.
>
> > The PAM support is not there and gss-serv-krb5.c is broken somehow
> > ("macro "krb5_cc_gen_new" passed 3 arguments, but takes just 2"). I know
> > approximately zero Kerberos and I'm hoping someone who knows what they're
> > doing can help sort this out. Any takers?
>
>