GSSAPI patch sync from OpenBSD to Portable

Steven Michaud smichaud at pobox.com
Sat Aug 23 06:41:02 EST 2003 

> Missing a license for makegssname.pl

I don't know what this is used for, nothing else in Simon Wilkinson's
patch refers to it, and Google doesn't find any references to it
except as part of OpenSSH with Simon's patch.

My guess is you can drop it.  But if I'm wrong, someone else do please
chime up.

> Also, any reason why this is not included in the OpenBSD tree?  If
> it is important it should be included upstream.

Douglas Engert's patch (to ssh_gssapi_krb5_storecreds() in
gss-serv-krb5.c) only has any effect when you compile against the MIT
libraries.  It's not needed in "non-portable", which just assumes the
Heimdal libraries are present if you define KRB5.

On Fri, 22 Aug 2003, Ben Lindstrom wrote:

>
> KNF the gss_serv_krb5.c code please before you commit it.
>
> Missing a license for makegssname.pl  Also, any reason why this is not
> included in the OpenBSD tree?  If it is important it should be included
> upstream.
>
> - Ben
>
> On Fri, 22 Aug 2003, Steven Michaud wrote:
>
> > See my note to this list "Re: updated gssapi diff" dated "2003-08-19
> > 18:51:02".  In order for MIT support not to be broken, you need the
> > patch from Douglas Engert mentioned in my note.
> >
> > Also, in session.c the calls to ssh_gssapi_storecreds() need to come
> > before the calls to do_pam_session(), so that PAM can make use of any
> > gssapi credentials that may get stored in a per-session cache.
> >
> > With these two changes, your openssh-gssapi-port.patch will look
> > something like what I've attached below.
> >
> > Finally, I notice that you _did_ include one bit of PAM support from
> > Simon Wilkinson's patch -- on line 825 of configure.ac you add the line
> > "AC_CHECK_FUNCS(pam_putenv)".  If you're willing to go that far, why not
> >   go all the way?  The only additional work is to copy Simon's
> > do_pam_putenv() to auth-pam.c, put a definition of this function into
> > auth-pam.h, and copy Simon's call to do_pam_putenv() to
> > ssh_gssapi_krb5_storecreds() in gss-serv-krb5.c.
> >
> > > 	The PAM support is not there and gss-serv-krb5.c is broken somehow
> > > ("macro "krb5_cc_gen_new" passed 3 arguments, but takes just 2").  I know
> > > approximately zero Kerberos and I'm hoping someone who knows what they're
> > > doing can help sort this out.  Any takers?
> >
> >
>
>
>

More information about the openssh-unix-dev mailing list