bugzilla-daemon at bugzilla.mindrot.org
2016-Nov-09 14:55 UTC
[Bug 2637] New: GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Bug ID: 2637 Summary: GSSAPIStrictAcceptorCheck should default to 'yes' Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: minor Priority: P5 Component: Kerberos support Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com When GSSAPIStrictAcceptorCheck is not explicitely specified, the default value should be yes. It is documented in sshd_config(5) this way and it preserves original behavior. Also GSSAPIStrictAcceptorCheck=no interacts poorly with GSSAPIKeyExchange, where it make the server willing to negotiate GSS-API key exchange, although no keytab was provided. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Nov-09 14:56 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Tomas Kuthan <tomas.kuthan at oracle.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomas.kuthan at oracle.com --- Comment #1 from Tomas Kuthan <tomas.kuthan at oracle.com> --- Created attachment 2889 --> https://bugzilla.mindrot.org/attachment.cgi?id=2889&action=edit GSSAPIStrictAcceptorCheck=yes by default -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-06 03:32 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org, | |dtucker at zip.com.au Attachment #2889| |ok?(dtucker at zip.com.au) Flags| | --- Comment #2 from Damien Miller <djm at mindrot.org> --- Comment on attachment 2889 --> https://bugzilla.mindrot.org/attachment.cgi?id=2889 GSSAPIStrictAcceptorCheck=yes by default This seems reasonable to me. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-06 03:32 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2647 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2647 [Bug 2647] Tracking bug for OpenSSH 7.5 release -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-06 03:36 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2889|ok?(dtucker at zip.com.au) |ok+ Flags| | -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-06 03:46 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #3 from Damien Miller <djm at mindrot.org> --- applied - thanks -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:09 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Damien Miller <djm at mindrot.org> --- closing resolved bugs as of 8.6p1 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 2376] New: Add compile time option to disable Curve25519
- [Bug 2299] New: Disable uid=0 resetting test on Solaris
- [Bug 2719] New: Notify user, when ssh transport process dies.
- [Bug 2101] New: Unaligned memory access on sparc in UMAC implemetation
- [Bug 2636] New: Fix X11 forwarding, when ::1 is not configured