thr3ads.net - openssh unix dev - a patch for 3.4, please [Oct 2002]

If this information is useful, please help other people find it:
Share via:

Gintautas Grigelionis

2002-Oct-05 11:34 UTC

a patch for 3.4, please

Hello all,

I'd greatly appreciate a patch that will stop PAM mucking around after
I log in with a Kerberos 4 ticket and forward an AFS ticket (KTH
Kerberos 1.1.1 used for libkrb/libkafs). The trouble is, I need
pam_krb4, so that folks, who log in with without tickets using
tunnelled plaintext password, would get Kerberos 4 tickets for the
box. I rebuilt sshd without PAM in order to verify that PAM destroys
the tokens but I've not enough time to analyse the code in more
details.  I guess

# ifdef USE_PAM
		do_pam_setcred(0);
# endif /* USE_PAM */

in session.c is the culprit. By the way, I've had to disable privsep
because otherwise /etc/srvtab cannot be read. I hope I've provided
enough information.

Thanks in advance,
Gintas

Gintautas Grigelionis

2002-Oct-07 05:51 UTC

head link

a patch for 3.4, please

Hello,

for the lack of a better, here's my own try at a "AFS token passing
vs. Kerberos 4 PAM" problem.

Gintas

-------------- next part --------------
*** session.c.orig	Wed Jun 26 15:51:06 2002
--- session.c	Mon Oct  7 07:46:39 2002
***************
*** 86,91 ****
--- 86,94 ----
  static void do_authenticated2(Authctxt *);
  
  static int session_pty_req(Session *);
+ #ifdef AFS
+ static int afsfwd = 0;
+ #endif
  
  /* import */
  extern ServerOptions options;
***************
*** 394,399 ****
--- 397,403 ----
  					verbose("AFS token refused for %.100s",
  					    s->authctxt->user);
  				xfree(token);
+ 				afsfwd = success;
  			}
  			break;
  #endif /* AFS */
***************
*** 462,468 ****
--- 466,479 ----
  
  #if defined(USE_PAM)
  	do_pam_session(s->pw->pw_name, NULL);
+ # ifdef AFS
+ 	debug ("AFS token passing: %d", afsfwd);
+ 	if (afsfwd == 0) {
+ # endif
  	do_pam_setcred(1);
+ # ifdef AFS
+ 	}
+ # endif
  	if (is_pam_password_change_required())
  		packet_disconnect("Password change required but no "
  		    "TTY available");
***************
*** 580,586 ****
--- 591,604 ----
  
  #if defined(USE_PAM)
  	do_pam_session(s->pw->pw_name, s->tty);
+ # ifdef AFS
+ 	debug ("AFS token passing: %d", afsfwd);
+ 	if (afsfwd == 0) {
+ # endif
  	do_pam_setcred(1);
+ # ifdef AFS
+ 	}
+ # endif
  #endif
  
  	/* Fork the child. */

Seemingly Similar Threads

Search for more apparently analagous threads

openssh unix dev - Oct 2002 - a patch for 3.4, please

a patch for 3.4, please

a patch for 3.4, please

Seemingly Similar Threads