[Bug 2637] New: GSSAPIStrictAcceptorCheck should default to 'yes'

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 10 01:55:01 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2637

            Bug ID: 2637
           Summary: GSSAPIStrictAcceptorCheck should default to 'yes'
           Product: Portable OpenSSH
           Version: 7.3p1
          Hardware: Sparc
                OS: Solaris
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Kerberos support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tomas.kuthan at oracle.com

When GSSAPIStrictAcceptorCheck is not explicitely specified, the
default value should be yes. It is documented in  sshd_config(5) this
way and it preserves original behavior.

Also GSSAPIStrictAcceptorCheck=no interacts poorly with
GSSAPIKeyExchange, where it make the server willing to negotiate
GSS-API key exchange, although no keytab was provided.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list