openssh bugs - Sep 2009 - [Bug 1650] New: GSSAPI code can only accept connections for the gethostbyname() name.

https://bugzilla.mindrot.org/show_bug.cgi?id=1650

           Summary: GSSAPI code can only accept connections for the
                    gethostbyname() name.
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: needs-release-note, patch
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: mengel at fnal.gov


Created an attachment (id=1696)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1696)
Patch to allow a GSS_HOSTNAME environment variable to override
gethostname()

If  you are on a host with multiple IP addresses that have different
names, users cannot connect via GSSAPI authentication for the 
alternate hostnames.

The attached patch will allow a GSS_HOSTNAME environment variable to
be set which lets an sshd answer to a different hostname than the
one that gethostname() returns.  One can then run an sshd with
this environment variable set and listening to an appropriate
IP address to serve multiple hostnames on one system.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1650

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2010-01-13
11:14:13 EST ---
(From update of attachment 1696)
I think this is addressed by bug #928 which is targeted (but not yet
committed) for the next release.
>+         if (0 != (p = getenv("GSS_HOSTNAME"))) {
>+            strncpy(lname,p,MAXHOSTNAMELEN);
If the environment variable is longer than MAXHOSTNAMELEN then lname
will end up unterminated.  You should use strlcpy instead.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1650

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
          Component|sshd                        |Kerberos support

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1650

--- Comment #2 from Marc Mengel <mengel at fnal.gov> 2010-01-14 03:51:38
EST ---
I agree that the current proposed bug #928 fix would be a better
solution.
We should probably mark this as a dup of that bug.  Sorry for missing
it in my search.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1650

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2010-01-14
09:37:33 EST ---
Thanks, closing as duplicate.

If you could test the patch in #928 and add the results to the bug that
would help.

*** This bug has been marked as a duplicate of bug 928 ***

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1650

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> 2010-04-16 15:49:54
EST ---
Mass move of bugs RESOLVED->CLOSED following the release of
openssh-5.5p1

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.