David M. Williams
2002-Aug-09 21:51 UTC
patch to ssh.c for KerberosTgtPassing and readability patches for config files and manpages
Hey All, Found a very minor problem with client implementation of KerberosTgtPassing command line flag in ssh.c (first diff). We also made some readability patches to the config files and manpages to make the option clearer (the remainder of the diffs). diffs are against -current Index: ssh.c ==================================================================RCS file: /cvs/openssh/ssh.c,v retrieving revision 1.158 diff -u -r1.158 ssh.c --- ssh.c 23 Jul 2002 21:03:03 -0000 1.158 +++ ssh.c 9 Aug 2002 21:43:30 -0000 @@ -159,8 +159,8 @@ _PATH_SSH_USER_CONFFILE); fprintf(stderr, " -A Enable authentication agent forwarding.\n"); fprintf(stderr, " -a Disable authentication agent forwarding (default).\n"); -#ifdef AFS - fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n"); +#if defined (AFS) || defined (KRB5) + fprintf(stderr, " -k Disable SSH1 Kerberos V4/5 ticket and AFS token forwarding.\n"); #endif /* AFS */ fprintf(stderr, " -X Enable X11 connection forwarding.\n"); fprintf(stderr, " -x Disable X11 connection forwarding (default).\n"); @@ -312,7 +312,7 @@ case 'A': options.forward_agent = 1; break; -#ifdef AFS +#if defined (AFS) || defined (KRB5) case 'k': options.kerberos_tgt_passing = 0; options.afs_token_passing = 0; Index: ssh.1 ==================================================================RCS file: /cvs/openssh/ssh.1,v retrieving revision 1.119 diff -u -r1.119 ssh.1 --- ssh.1 23 Jun 2002 00:32:12 -0000 1.119 +++ ssh.1 9 Aug 2002 21:43:29 -0000 
@@ -471,7 +471,7 @@ should use to communicate with a smartcard used for storing the user's private RSA key. .It Fl k -Disables forwarding of Kerberos tickets and AFS tokens. +Disables forwarding of Kerberos V4/5 tickets and AFS tokens under SSH protocol 1. This may also be specified on a per-host basis in the configuration file. .It Fl l Ar login_name Specifies the user to log in as on the remote machine. Index: ssh_config.5 ==================================================================RCS file: /cvs/openssh/ssh_config.5,v retrieving revision 1.1 diff -u -r1.1 ssh_config.5 --- ssh_config.5 21 Jun 2002 00:59:06 -0000 1.1 +++ ssh_config.5 9 Aug 2002 21:43:30 -0000 @@ -355,8 +355,8 @@ or .Dq no . .It Cm KerberosTgtPassing -Specifies whether a Kerberos TGT will be forwarded to the server. -This will only work if the Kerberos server is actually an AFS kaserver. +Specifies whether Kerberos V4/5 TGT's will be forwarded to the server. +This will only work with Kerberos V4 if the KDC is an AFS kaserver. The argument to this keyword must be .Dq yes or Index: sshd_config ==================================================================RCS file: /cvs/openssh/sshd_config,v retrieving revision 1.53 diff -u -r1.53 sshd_config --- sshd_config 1 Aug 2002 01:28:39 -0000 1.53 +++ sshd_config 9 Aug 2002 21:43:30 -0000 @@ -66,7 +66,8 @@ #AFSTokenPassing no -# Kerberos TGT Passing only works with the AFS kaserver +# Specifies whether Kerberos V4/5 TGT's can be forwarded to the server. +# Kerberos V4 TGT passing only works when KDC is an AFS kaserver. #KerberosTgtPassing no # Set this to 'yes' to enable PAM keyboard-interactive authentication Index: sshd_config.5 ==================================================================RCS file: /cvs/openssh/sshd_config.5,v retrieving revision 1.5 diff -u -r1.5 sshd_config.5 --- sshd_config.5 1 Aug 2002 01:28:39 -0000 1.5 +++ sshd_config.5 9 Aug 2002 21:43:30 -0000 
@@ -320,10 +320,10 @@ Default is .Dq yes . .It Cm KerberosTgtPassing -Specifies whether a Kerberos TGT may be forwarded to the server. +Specifies whether Kerberos V4/5 TGT's may be forwarded to the server. Default is -.Dq no , -as this only works when the Kerberos KDC is actually an AFS kaserver. +.Dq no . +This will only work with Kerberos V4 if the KDC is an AFS kaserver. .It Cm KerberosTicketCleanup Specifies whether to automatically destroy the user's ticket cache file on logout.
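Review bot: In the ssh.c usage hunk (@@ -159,8), the closing #endif /* AFS */ is left unchanged while the opening guard becomes #if defined (AFS) || defined (KRB5), so the trailing comment no longer matches its condition. Update it to #endif /* AFS || KRB5 */. The new help string also advertises AFS token forwarding in a build where only KRB5 is defined; consider wording the string per guard if that distinction matters to users.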
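Review bot: In the ssh.c option-parsing hunk (@@ -312,7), case 'k' is now compiled when only KRB5 is defined, yet its body still assigns options.afs_token_passing = 0 unconditionally. If that field is declared only under AFS, a KRB5-only build will fail to compile, so wrap that one assignment in #ifdef AFS. Please also confirm that the getopt option string accepts 'k' under the same AFS || KRB5 condition, since neither the declaration nor the option string is visible in this hunk.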
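Review bot: The ssh.1 hunk (@@ -471,7) and the ssh.c usage text both restrict -k to SSH protocol 1, but the KerberosTgtPassing entries changed in ssh_config.5 and sshd_config.5 gain no such qualifier. If the option applies only to protocol 1, state that in the two config man pages as well so the client flag and the keyword documentation agree.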
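Review bot: In the ssh_config.5, sshd_config and sshd_config.5 hunks the plural is written TGT's; it should be TGTs, without the apostrophe. The new sshd_config comment also reads "when KDC is an AFS kaserver" and is missing the article that both man page hunks have ("if the KDC is an AFS kaserver"); use the same wording in all three places.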