bugzilla-daemon at bugzilla.mindrot.org
2016-Nov-09 14:55 UTC
[Bug 2637] New: GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637
Bug ID: 2637
Summary: GSSAPIStrictAcceptorCheck should default to 'yes'
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: minor
Priority: P5
Component: Kerberos support
Assignee: unassigned-bugs at mindrot.org
Reporter: tomas.kuthan at oracle.com
When GSSAPIStrictAcceptorCheck is not explicitely specified, the
default value should be yes. It is documented in sshd_config(5) this
way and it preserves original behavior.
Also GSSAPIStrictAcceptorCheck=no interacts poorly with
GSSAPIKeyExchange, where it make the server willing to negotiate
GSS-API key exchange, although no keytab was provided.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Nov-09 14:56 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637
Tomas Kuthan <tomas.kuthan at oracle.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tomas.kuthan at oracle.com
--- Comment #1 from Tomas Kuthan <tomas.kuthan at oracle.com> ---
Created attachment 2889
--> https://bugzilla.mindrot.org/attachment.cgi?id=2889&action=edit
GSSAPIStrictAcceptorCheck=yes by default
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-06 03:32 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org,
| |dtucker at zip.com.au
Attachment #2889| |ok?(dtucker at zip.com.au)
Flags| |
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 2889
--> https://bugzilla.mindrot.org/attachment.cgi?id=2889
GSSAPIStrictAcceptorCheck=yes by default
This seems reasonable to me.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-06 03:32 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2647
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-06 03:36 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2889|ok?(dtucker at zip.com.au) |ok+
Flags| |
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-06 03:46 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
applied - thanks
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:09 UTC
[Bug 2637] GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 2376] New: Add compile time option to disable Curve25519
- [Bug 2299] New: Disable uid=0 resetting test on Solaris
- [Bug 2719] New: Notify user, when ssh transport process dies.
- [Bug 2101] New: Unaligned memory access on sparc in UMAC implemetation
- [Bug 2636] New: Fix X11 forwarding, when ::1 is not configured