Hello,
I going to use ssh with Kerberos V5 support along with support for AFS. I
don't want to use Kerberos V4 or AFS token passing. The only thing I need
from AFS is creating an AFS token (using appropriate function from krb5 API)
after user's authentication. It seems to me that such scenario is not much
supported by the current code. Rather it is assumed only Kerberos 4 will be
used with AFS.
Please, could you have a look at the enclosed patch? The main purpose of it
is to enclose those parts dealing with AFS or KRB4 ticket passing between
#ifdef AFS && KRB4 (instead of only AFS as in the current code). The
patch is
created against OpenSSH 3.0.2p1, tested with Heimdal implementation of
Kerberos V5.
Would it be possible to add the patch to the standard distribution?
with best regards
--
Daniel Kouril
-------------- next part --------------
--- Makefile.in 2002/01/23 10:09:09 1.1
+++ Makefile.in 2002/01/23 10:10:50
@@ -50,7 +50,7 @@
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o
clientloop.o
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o
auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o
auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o
serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
+SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o
auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o
auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o
servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o
auth-bsdauth.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out
ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1
sshd.8 sftp-server.8 sftp.1
--- auth-krb4.c 2002/01/23 10:50:54 1.1
+++ auth-krb4.c 2002/01/23 10:55:40
@@ -34,11 +34,12 @@
#include "uidswap.h"
#include "auth.h"
+#ifdef KRB4
+
#ifdef AFS
#include "radix.h"
#endif
-#ifdef KRB4
extern ServerOptions options;
static int
@@ -279,9 +280,7 @@
packet_write_wait();
return (1);
}
-#endif /* KRB4 */
-#ifdef AFS
int
auth_krb4_tgt(Authctxt *authctxt, const char *string)
{
@@ -370,4 +369,4 @@
return (1);
}
-#endif /* AFS */
+#endif /* KRB4 */
--- auth.h 2002/01/23 12:01:53 1.1
+++ auth.h 2002/01/23 12:14:19
@@ -102,14 +102,15 @@
int auth_krb4(Authctxt *, KTEXT, char **);
int auth_krb4_password(Authctxt *, const char *);
void krb4_cleanup_proc(void *);
+#endif /* KRB4 */
#ifdef AFS
#include <kafs.h>
+#ifdef KRB4
int auth_krb4_tgt(Authctxt *, const char *);
int auth_afs_token(Authctxt *, const char *);
-#endif /* AFS */
-
#endif /* KRB4 */
+#endif /* AFS */
#ifdef KRB5
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client);
--- auth1.c 2002/01/23 12:15:49 1.1
+++ auth1.c 2002/01/23 12:17:26
@@ -162,11 +162,11 @@
case SSH_CMSG_HAVE_KERBEROS_TGT:
packet_send_debug("Kerberos TGT passing disabled before
authentication.");
break;
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
case SSH_CMSG_HAVE_AFS_TOKEN:
packet_send_debug("AFS token passing disabled before
authentication.");
break;
-#endif /* AFS */
+#endif /* AFS && KRB4 */
#endif /* AFS || KRB5 */
case SSH_CMSG_AUTH_RHOSTS:
--- radix.c 2002/01/23 10:13:32 1.1
+++ radix.c 2002/01/23 10:27:36
@@ -27,7 +27,7 @@
RCSID("$OpenBSD: radix.c,v 1.16 2001/06/23 15:12:19 itojun Exp $");
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
#include <krb.h>
#include <radix.h>
@@ -211,4 +211,4 @@
return 1;
}
-#endif /* AFS */
+#endif /* AFS && KRB4 */
--- readconf.c 2002/01/23 12:18:23 1.1
+++ readconf.c 2002/01/23 12:23:17
@@ -102,7 +102,7 @@
#if defined(AFS) || defined(KRB5)
oKerberosTgtPassing,
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
oAFSTokenPassing,
#endif
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
@@ -147,7 +147,7 @@
#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", oKerberosTgtPassing },
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
{ "afstokenpassing", oAFSTokenPassing },
#endif
{ "fallbacktorsh", oFallBackToRsh },
@@ -368,7 +368,7 @@
intptr = &options->kerberos_tgt_passing;
goto parse_flag;
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
case oAFSTokenPassing:
intptr = &options->afs_token_passing;
goto parse_flag;
@@ -757,7 +757,7 @@
#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = -1;
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
options->afs_token_passing = -1;
#endif
options->password_authentication = -1;
@@ -839,7 +839,7 @@
if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 1;
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
if (options->afs_token_passing == -1)
options->afs_token_passing = 1;
#endif
--- readconf.h 2002/01/23 12:18:23 1.1
+++ readconf.h 2002/01/23 12:23:17
@@ -47,7 +47,7 @@
#if defined(AFS) || defined(KRB5)
int kerberos_tgt_passing; /* Try Kerberos TGT passing. */
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
int afs_token_passing; /* Try AFS token passing. */
#endif
int password_authentication; /* Try password
--- servconf.c 2002/01/23 10:56:44 1.1
+++ servconf.c 2002/01/23 11:06:44
@@ -12,9 +12,13 @@
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.91 2001/11/12 18:17:07 markus Exp
$");
-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB4)
#include <krb.h>
#endif
+#ifdef KRB5
+#include <krb5.h>
+#define KEYFILE "/etc/krb5.keytab"
+#endif
#ifdef AFS
#include <kafs.h>
#endif
@@ -82,7 +86,7 @@
#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = -1;
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
options->afs_token_passing = -1;
#endif
options->password_authentication = -1;
@@ -190,7 +194,7 @@
if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 0;
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
if (options->afs_token_passing == -1)
options->afs_token_passing = k_hasafs();
#endif
@@ -246,7 +250,7 @@
#if defined(AFS) || defined(KRB5)
sKerberosTgtPassing,
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
sAFSTokenPassing,
#endif
sChallengeResponseAuthentication,
@@ -297,7 +301,7 @@
#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", sKerberosTgtPassing },
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
{ "afstokenpassing", sAFSTokenPassing },
#endif
{ "passwordauthentication", sPasswordAuthentication },
@@ -632,7 +636,7 @@
intptr = &options->kerberos_tgt_passing;
goto parse_flag;
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
case sAFSTokenPassing:
intptr = &options->afs_token_passing;
goto parse_flag;
--- servconf.h 2002/01/23 10:56:44 1.1
+++ servconf.h 2002/01/23 11:07:37
@@ -87,7 +87,7 @@
int kerberos_tgt_passing; /* If true, permit Kerberos TGT
* passing. */
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
int afs_token_passing; /* If true, permit AFS token passing. */
#endif
int password_authentication; /* If true, permit password
--- session.c 2002/01/23 11:08:20 1.1
+++ session.c 2002/01/23 12:12:42
@@ -343,19 +343,19 @@
verbose("Kerberos v5 TGT refused for %.100s",
s->authctxt->user);
#endif /* KRB5 */
} else {
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
if (auth_krb4_tgt(s->authctxt, kdata))
success = 1;
else
verbose("Kerberos v4 TGT refused for %.100s",
s->authctxt->user);
-#endif /* AFS */
+#endif /* AFS && KRB4 */
}
xfree(kdata);
}
break;
#endif /* AFS || KRB5 */
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
case SSH_CMSG_HAVE_AFS_TOKEN:
if (!options.afs_token_passing || !k_hasafs()) {
verbose("AFS token passing disabled.");
@@ -372,7 +372,7 @@
xfree(token);
}
break;
-#endif /* AFS */
+#endif /* AFS && KRB4 */
case SSH_CMSG_EXEC_SHELL:
case SSH_CMSG_EXEC_CMD:
@@ -1370,6 +1370,10 @@
krb_afslog(cell, 0);
krb_afslog(0, 0);
+#ifdef KRB5
+ krb5_afslog(s->authctxt->krb5_ctx, s->authctxt->krb5_fwd_ccache,
+ NULL, NULL);
+#endif
}
#endif /* AFS */
--- ssh.c 2002/01/23 12:28:10 1.1
+++ ssh.c 2002/01/23 12:30:58
@@ -159,9 +159,9 @@
_PATH_SSH_USER_CONFFILE);
fprintf(stderr, " -A Enable authentication agent
forwarding.\n");
fprintf(stderr, " -a Disable authentication agent forwarding
(default).\n");
-#ifdef AFS
+#if defined(AFS) || defined(KRB5)
fprintf(stderr, " -k Disable Kerberos ticket and AFS token
forwarding.\n");
-#endif /* AFS */
+#endif /* AFS || KRB5 */
fprintf(stderr, " -X Enable X11 connection
forwarding.\n");
fprintf(stderr, " -x Disable X11 connection forwarding
(default).\n");
fprintf(stderr, " -i file Identity for public key authentication
"
@@ -351,10 +351,14 @@
case 'A':
options.forward_agent = 1;
break;
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
case 'k':
options.kerberos_tgt_passing = 0;
options.afs_token_passing = 0;
+ break;
+#elif defined(KRB5)
+ case 'k':
+ options.kerberos_tgt_passing = 0;
break;
#endif
case 'i':
--- sshconnect1.c 2002/01/23 10:28:25 1.1
+++ sshconnect1.c 2002/01/23 12:05:15
@@ -26,8 +26,10 @@
#endif
#ifdef AFS
#include <kafs.h>
+#ifdef KRB4
#include "radix.h"
#endif
+#endif
#include "ssh.h"
#include "ssh1.h"
@@ -685,7 +687,7 @@
}
#endif /* KRB5 */
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
static void
send_krb4_tgt(void)
{
@@ -806,7 +808,7 @@
}
}
-#endif /* AFS */
+#endif /* AFS && KRB4 */
/*
* Tries to authenticate with any string-based challenge/response system.
@@ -1255,7 +1257,7 @@
krb5_free_context(context);
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
/* Try Kerberos v4 TGT passing if the server supports it. */
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT))
&&
options.kerberos_tgt_passing) {
@@ -1270,7 +1272,7 @@
log("WARNING: Encryption is disabled! Token will be transmitted in the
clear!");
send_afs_tokens();
}
-#endif /* AFS */
+#endif /* AFS && KRB4 */
return; /* need statement after label */
}
--- sshd.c 2002/01/23 10:41:05 1.1
+++ sshd.c 2002/01/23 12:12:42
@@ -1289,7 +1289,7 @@
if (options.kerberos_tgt_passing)
auth_mask |= 1 << SSH_PASS_KERBEROS_TGT;
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
if (options.afs_token_passing)
auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
#endif
On Wed, Jan 23, 2002 at 03:35:40PM +0100, Daniel Kouril wrote:> Hello, > > I going to use ssh with Kerberos V5 support along with support for AFS. I > don't want to use Kerberos V4 or AFS token passing. The only thing I need > from AFS is creating an AFS token (using appropriate function from krb5 API) > after user's authentication. It seems to me that such scenario is not much > supported by the current code. Rather it is assumed only Kerberos 4 will be > used with AFS. > > Please, could you have a look at the enclosed patch? The main purpose of it > is to enclose those parts dealing with AFS or KRB4 ticket passing between > #ifdef AFS && KRB4 (instead of only AFS as in the current code). The patch is > created against OpenSSH 3.0.2p1, tested with Heimdal implementation of > Kerberos V5. > > Would it be possible to add the patch to the standard distribution? > > with best regards > > -- > Daniel KourilHi all, I sent this mail some month ago and haven't received any response yet. Please, could somebody let me know if the patch is acceptable to be included in the standard distribution? I think the patch is quite simple but I could adapt it in any way if required. As I believe I'm not alone who is interested in using Kerberos V5 along with AFS I think the patch would make our life much easier. Thank you. best regards -- Daniel Kouril -------------- next part -------------- --- Makefile.in 2002/01/23 10:09:09 1.1 +++ Makefile.in 2002/01/23 10:10:50 @@ -50,7 +50,7 @@ SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o -SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o +SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 --- auth-krb4.c 2002/01/23 10:50:54 1.1 +++ auth-krb4.c 2002/01/23 10:55:40 @@ -34,11 +34,12 @@ #include "uidswap.h" #include "auth.h" +#ifdef KRB4 + #ifdef AFS #include "radix.h" #endif -#ifdef KRB4 extern ServerOptions options; static int @@ -279,9 +280,7 @@ packet_write_wait(); return (1); } -#endif /* KRB4 */ -#ifdef AFS int auth_krb4_tgt(Authctxt *authctxt, const char *string) { @@ -370,4 +369,4 @@ return (1); } -#endif /* AFS */ +#endif /* KRB4 */ --- auth.h 2002/01/23 12:01:53 1.1 +++ auth.h 2002/01/23 12:14:19 @@ -102,14 +102,15 @@ int auth_krb4(Authctxt *, KTEXT, char **); int auth_krb4_password(Authctxt *, const char *); void krb4_cleanup_proc(void *); +#endif /* KRB4 */ #ifdef AFS #include <kafs.h> +#ifdef KRB4 int auth_krb4_tgt(Authctxt *, const char *); int auth_afs_token(Authctxt *, const char *); -#endif /* AFS */ - #endif /* KRB4 */ +#endif /* AFS */ #ifdef KRB5 int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client); --- auth1.c 2002/01/23 12:15:49 1.1 +++ auth1.c 2002/01/23 12:17:26 @@ -162,11 +162,11 @@ case SSH_CMSG_HAVE_KERBEROS_TGT: packet_send_debug("Kerberos TGT passing disabled before authentication."); break; -#ifdef AFS +#if defined(AFS) && defined(KRB4) case SSH_CMSG_HAVE_AFS_TOKEN: packet_send_debug("AFS token passing disabled before authentication."); break; -#endif /* AFS */ +#endif /* AFS && KRB4 */ #endif /* AFS || KRB5 */ case SSH_CMSG_AUTH_RHOSTS: --- radix.c 2002/01/23 10:13:32 1.1 +++ radix.c 2002/01/23 10:27:36 @@ -27,7 +27,7 @@ RCSID("$OpenBSD: radix.c,v 1.16 2001/06/23 15:12:19 itojun Exp $"); -#ifdef AFS +#if defined(AFS) && defined(KRB4) #include <krb.h> #include <radix.h> @@ -211,4 +211,4 @@ return 1; } -#endif /* AFS */ +#endif /* AFS && KRB4 */ --- readconf.c 2002/01/23 12:18:23 1.1 +++ readconf.c 2002/01/23 12:23:17 @@ -102,7 +102,7 @@ #if defined(AFS) || defined(KRB5) oKerberosTgtPassing, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) oAFSTokenPassing, #endif oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, @@ -147,7 +147,7 @@ #if defined(AFS) || defined(KRB5) { "kerberostgtpassing", oKerberosTgtPassing }, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) { "afstokenpassing", oAFSTokenPassing }, #endif { "fallbacktorsh", oFallBackToRsh }, @@ -368,7 +368,7 @@ intptr = &options->kerberos_tgt_passing; goto parse_flag; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) case oAFSTokenPassing: intptr = &options->afs_token_passing; goto parse_flag; @@ -757,7 +757,7 @@ #if defined(AFS) || defined(KRB5) options->kerberos_tgt_passing = -1; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) options->afs_token_passing = -1; #endif options->password_authentication = -1; @@ -839,7 +839,7 @@ if (options->kerberos_tgt_passing == -1) options->kerberos_tgt_passing = 1; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) if (options->afs_token_passing == -1) options->afs_token_passing = 1; #endif --- readconf.h 2002/01/23 12:18:23 1.1 +++ readconf.h 2002/01/23 12:23:17 @@ -47,7 +47,7 @@ #if defined(AFS) || defined(KRB5) int kerberos_tgt_passing; /* Try Kerberos TGT passing. */ #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) int afs_token_passing; /* Try AFS token passing. */ #endif int password_authentication; /* Try password --- servconf.c 2002/01/23 10:56:44 1.1 +++ servconf.c 2002/01/23 11:06:44 @@ -12,9 +12,13 @@ #include "includes.h" RCSID("$OpenBSD: servconf.c,v 1.91 2001/11/12 18:17:07 markus Exp $"); -#if defined(KRB4) || defined(KRB5) +#if defined(KRB4) #include <krb.h> #endif +#ifdef KRB5 +#include <krb5.h> +#define KEYFILE "/etc/krb5.keytab" +#endif #ifdef AFS #include <kafs.h> #endif @@ -82,7 +86,7 @@ #if defined(AFS) || defined(KRB5) options->kerberos_tgt_passing = -1; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) options->afs_token_passing = -1; #endif options->password_authentication = -1; @@ -190,7 +194,7 @@ if (options->kerberos_tgt_passing == -1) options->kerberos_tgt_passing = 0; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) if (options->afs_token_passing == -1) options->afs_token_passing = k_hasafs(); #endif @@ -246,7 +250,7 @@ #if defined(AFS) || defined(KRB5) sKerberosTgtPassing, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) sAFSTokenPassing, #endif sChallengeResponseAuthentication, @@ -297,7 +301,7 @@ #if defined(AFS) || defined(KRB5) { "kerberostgtpassing", sKerberosTgtPassing }, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) { "afstokenpassing", sAFSTokenPassing }, #endif { "passwordauthentication", sPasswordAuthentication }, @@ -632,7 +636,7 @@ intptr = &options->kerberos_tgt_passing; goto parse_flag; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) case sAFSTokenPassing: intptr = &options->afs_token_passing; goto parse_flag; --- servconf.h 2002/01/23 10:56:44 1.1 +++ servconf.h 2002/01/23 11:07:37 @@ -87,7 +87,7 @@ int kerberos_tgt_passing; /* If true, permit Kerberos TGT * passing. */ #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) int afs_token_passing; /* If true, permit AFS token passing. */ #endif int password_authentication; /* If true, permit password --- session.c 2002/01/23 11:08:20 1.1 +++ session.c 2002/01/23 12:12:42 @@ -343,19 +343,19 @@ verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); #endif /* KRB5 */ } else { -#ifdef AFS +#if defined(AFS) && defined(KRB4) if (auth_krb4_tgt(s->authctxt, kdata)) success = 1; else verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user); -#endif /* AFS */ +#endif /* AFS && KRB4 */ } xfree(kdata); } break; #endif /* AFS || KRB5 */ -#ifdef AFS +#if defined(AFS) && defined(KRB4) case SSH_CMSG_HAVE_AFS_TOKEN: if (!options.afs_token_passing || !k_hasafs()) { verbose("AFS token passing disabled."); @@ -372,7 +372,7 @@ xfree(token); } break; -#endif /* AFS */ +#endif /* AFS && KRB4 */ case SSH_CMSG_EXEC_SHELL: case SSH_CMSG_EXEC_CMD: @@ -1370,6 +1370,10 @@ krb_afslog(cell, 0); krb_afslog(0, 0); +#ifdef KRB5 + krb5_afslog(s->authctxt->krb5_ctx, s->authctxt->krb5_fwd_ccache, + NULL, NULL); +#endif } #endif /* AFS */ --- ssh.c 2002/01/23 12:28:10 1.1 +++ ssh.c 2002/01/23 12:30:58 @@ -159,9 +159,9 @@ _PATH_SSH_USER_CONFFILE); fprintf(stderr, " -A Enable authentication agent forwarding.\n"); fprintf(stderr, " -a Disable authentication agent forwarding (default).\n"); -#ifdef AFS +#if defined(AFS) || defined(KRB5) fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n"); -#endif /* AFS */ +#endif /* AFS || KRB5 */ fprintf(stderr, " -X Enable X11 connection forwarding.\n"); fprintf(stderr, " -x Disable X11 connection forwarding (default).\n"); fprintf(stderr, " -i file Identity for public key authentication " @@ -351,10 +351,14 @@ case 'A': options.forward_agent = 1; break; -#ifdef AFS +#if defined(AFS) && defined(KRB4) case 'k': options.kerberos_tgt_passing = 0; options.afs_token_passing = 0; + break; +#elif defined(KRB5) + case 'k': + options.kerberos_tgt_passing = 0; break; #endif case 'i': --- sshconnect1.c 2002/01/23 10:28:25 1.1 +++ sshconnect1.c 2002/01/23 12:05:15 @@ -26,8 +26,10 @@ #endif #ifdef AFS #include <kafs.h> +#ifdef KRB4 #include "radix.h" #endif +#endif #include "ssh.h" #include "ssh1.h" @@ -685,7 +687,7 @@ } #endif /* KRB5 */ -#ifdef AFS +#if defined(AFS) && defined(KRB4) static void send_krb4_tgt(void) { @@ -806,7 +808,7 @@ } } -#endif /* AFS */ +#endif /* AFS && KRB4 */ /* * Tries to authenticate with any string-based challenge/response system. @@ -1255,7 +1257,7 @@ krb5_free_context(context); #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) /* Try Kerberos v4 TGT passing if the server supports it. */ if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && options.kerberos_tgt_passing) { @@ -1270,7 +1272,7 @@ log("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); send_afs_tokens(); } -#endif /* AFS */ +#endif /* AFS && KRB4 */ return; /* need statement after label */ } --- sshd.c 2002/01/23 10:41:05 1.1 +++ sshd.c 2002/01/23 12:12:42 @@ -1289,7 +1289,7 @@ if (options.kerberos_tgt_passing) auth_mask |= 1 << SSH_PASS_KERBEROS_TGT; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) if (options.afs_token_passing) auth_mask |= 1 << SSH_PASS_AFS_TOKEN; #endif