bugzilla-daemon at bugzilla.mindrot.org
2009-Jul-10 00:21 UTC
[Bug 1620] New: GSSAPIDelegateCredentials fails silently when given non-forwardable tickets
https://bugzilla.mindrot.org/show_bug.cgi?id=1620
Summary: GSSAPIDelegateCredentials fails silently when given
non-forwardable tickets
Product: Portable OpenSSH
Version: 5.2p1
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: megacz at gmail.com
Executing
ssh -vvv -oGSSApiAuthentication=on -oGSSApiDelegateCredentials=on host
produces no error messages if the tickets in the client's credentials
cache are of the non-forwardable variety. I'm not sure if this is a
client or server bug, but one of them should produce some sort of
message to explain why the user winds up logged in with no tickets.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-09 00:40 UTC
[Bug 1620] GSSAPIDelegateCredentials fails silently when given non-forwardable tickets
https://bugzilla.mindrot.org/show_bug.cgi?id=1620
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> 2009-09-09 10:40:54
EST ---
I don't think that there is any error here. Non-forwardable tickets are
not an error condition and neither is using GSSAPIDeletegateCredentials
with no forwardable tickets.
Also, it doesn't look like the GSSAPI provides an easy way for us to
identify this case (but I am no expert on it).
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-09 18:01 UTC
[Bug 1620] GSSAPIDelegateCredentials fails silently when given non-forwardable tickets
https://bugzilla.mindrot.org/show_bug.cgi?id=1620 --- Comment #2 from Adam Megacz <megacz at gmail.com> 2009-09-10 04:01:14 EST --- I don't think they're an error condition in general, unless the user has explicitly asked them to be forwarded with "-oGSSApiDelegateCredentials=on". In that case openssh ought to inform the user that it was unable to carry out her explicit request. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.