GSSAPI patch sync from OpenBSD to Portable

Steven Michaud smichaud at pobox.com
Sat Aug 23 13:48:19 EST 2003


I compiled and tested with this patch, and had no trouble.

I repeated a subset of the tests I talked about in my message of 8-19,
this time using a very simple PAM setup (no PAM Kerberos or anything
fancy) for some of them.

I worked with these three "packages":

1) openssh-SNAP-20030814, patched with Darren's
   openssh-gssapi-port2.patch
2) OpenSSH 3.6.1p2 patched with Simon Wilkinson's patch
3) OpenSSH 3.5p1 patched with Simon Wilkinson's patch

I used ssh from each of these three packages (compiled against either
the MIT libraries or the Heimdal ones) to connect to the sshd from the
first (compiled against the MIT libraries or the Heimdal ones, using
or not using a simple PAM setup).

GSSAPI, "Kerberos password" and "UNIX password" authentication all
worked (though my simple PAM setup prevented "Kerberos password"
authentication from working when I used PAM).  Credential forwarding
and per-session caches worked where applicable.

On Sat, 23 Aug 2003, Darren Tucker wrote:

> Steven Michaud wrote:
> > Shouldn't the last hunk of gss-serv-krb5.c be this:
>
> > +#ifdef USE_PAM
> > +       if (options.use_pam)
> > +          do_pam_putenv(client->store.envvar, client->store.envval);
> > +#endif
>
> Yes.
>
> Patch attached is based on Simon's, with that and the retabbifying Ben
> mentioned.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.




More information about the openssh-unix-dev mailing list