pubkey fingerprint and krb princ name in environment
Johannes Löthberg
johannes at kyriasis.com
Mon Dec 29 01:12:51 EST 2014
Hey,
I use gitolite for git hosting on my server, and because I want to use
Kerberos authentication I patched OpenSSH to put the name of the
Kerberos principal name or the ssh fingerprint as environment variables
so my ForceCommand script can use them to actually authorize the user by
the principal/fingerprint.
It’s a bit annoying to keep my own patch and I thought it might be
something that others might find useful too, so I thought I’d send an
email to see if there would be any interest in including this upstream.
Both patches are attached, the Kerberos principal being made by Sven
Geggus, and the pubkey fingerprint one being written by me. Any comments
on both would be well appreciated.
--
Sincerely,
Johannes Löthberg
PGP Key ID: 0x50FB9B273A9D0BB5
https://theos.kyriasis.com/~kyrias/
-------------- next part --------------
--- gss-serv-krb5.c.orig 2012-07-12 14:33:31.117551679 +0200
+++ gss-serv-krb5.c 2012-07-12 14:34:30.319020970 +0200
@@ -104,6 +104,11 @@
} else
retval = 0;
+#ifdef USE_PAM
+ if (options.use_pam)
+ do_pam_putenv("GSS_AUTH_KRB5_PRINC", (char *)client->displayname.value);
+#endif
+
krb5_free_principal(krb_context, princ);
return retval;
}
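Review bot: the do_pam_putenv() call sits after the if/else, so it also runs on the path where the else branch has just set retval = 0, and GSS_AUTH_KRB5_PRINC is exported regardless of the outcome stored in retval. Set it only when retval is nonzero, so a ForceCommand script never sees a principal name from a rejected check. The (char *) cast on client->displayname.value assumes the buffer is NUL-terminated; the hunk never consults displayname.length, so copy that many bytes into a terminated string before exporting it. The return value of do_pam_putenv() is ignored, and because the call is inside #ifdef USE_PAM and gated on options.use_pam, the variable is absent on builds without PAM or when PAM is turned off; that limitation should be documented, since a script that authorizes on this variable has to treat a missing value as a denial.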
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pubkey_fingerprint.patch
Type: text/x-diff
Size: 361 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141228/a4082cbc/attachment.bin>