bugzilla-daemon at mindrot.org
2013-Jan-16 13:55 UTC
[Bug 2063] New: RFE: export principal which was used for .k5login
https://bugzilla.mindrot.org/show_bug.cgi?id=2063 Bug ID: 2063 Summary: RFE: export principal which was used for .k5login Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Kerberos support Assignee: unassigned-bugs at mindrot.org Reporter: enrico.scholz at sigma-chemnitz.de It would be nice to have information which principal was used for log in via .k5login. E.g. 'gitolite' uses by default ssh public keys (where real identity can be easily recorded by environment/commands in ~/.ssh/authorized_keys) and it will be trivial to implement a similar mechanism for kerberos auth, when original principal is exported somehow. A patch is available at http://geggus.net/sven/blogfiles/GSS_AUTH_KRB5_PRINC-env4openssh.diff See http://blog.gegg.us/2012/07/using-gitolite-with-kerberos-authentication/ https://groups.google.com/forum/?fromgroups=#!topic/comp.protocols.kerberos/6b7tSA-og0k for some more discussions. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-Jun-27 20:36 UTC
[Bug 2063] RFE: export principal which was used for .k5login
https://bugzilla.mindrot.org/show_bug.cgi?id=2063 Anders Kaseorg <andersk at mit.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andersk at mit.edu --- Comment #1 from Anders Kaseorg <andersk at mit.edu> --- For scripts.mit.edu we wrote this patch that doesn?t specifically depend on PAM or krb5: https://scripts.mit.edu/trac/browser/trunk/server/common/patches/openssh-4.7p1-gssapi-name-in-env.patch -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Apr-10 18:51 UTC
[Bug 2063] RFE: export principal which was used for .k5login
https://bugzilla.mindrot.org/show_bug.cgi?id=2063 Karl Kornel <akkornel at stanford.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |akkornel at stanford.edu --- Comment #2 from Karl Kornel <akkornel at stanford.edu> --- Created attachment 2580 --> https://bugzilla.mindrot.org/attachment.cgi?id=2580&action=edit Patch from openssh-portable tree at commit e7bf3a5eda I've also got a patch for this. This patch was made from the current openssh-portable tree, as of commit e7bf3a5eda. This patch introduces a new option, GSSAPISetEnv. By default, the option is disabled. If the option is enabled, then the environment variable SSH_GSSAPI_DISPLAYNAME will be set when the user authenticates using GSSAPI. The environment variable is also made available to the PAM environment, if PAM is enabled. In my case, I went for the GSSAPI display name because I saw it was being used in debug messages (gss-serv-krb5.c lines 104-105). I also saw the display name being made available in gsasl (http://www.gnu.org/software/gsasl/manual/html_node/Properties.html, talking about the GSASL_GSSAPI_DISPLAY_NAME property). -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-14 19:31 UTC
[Bug 2063] RFE: export principal which was used for .k5login
https://bugzilla.mindrot.org/show_bug.cgi?id=2063 Fran?ois <fccagou at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fccagou at gmail.com --- Comment #3 from Fran?ois <fccagou at gmail.com> --- This feature should be welcome for me too. Is there any reason why the patches are not accepted ? -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-27 22:41 UTC
[Bug 2063] RFE: export principal which was used for .k5login
https://bugzilla.mindrot.org/show_bug.cgi?id=2063 PatRiehecky <jcpunk at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jcpunk at gmail.com -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Feb-06 16:51 UTC
[Bug 2063] RFE: export principal which was used for .k5login
https://bugzilla.mindrot.org/show_bug.cgi?id=2063 --- Comment #4 from PatRiehecky <jcpunk at gmail.com> --- Circling back around to this bug. Any chance this could be considered for a future release? -- You are receiving this mail because: You are watching the assignee of the bug.
Apparently Analagous Threads
- [Bug 2610] New: ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used
- Bug#526833: Please update to Xen 3.3.1
- Serial console hangs with Linux 2.6.20 HVM guest
- Update .k5login with Puppet
- Kerberos/GSSAPI auth via .k5login file