openssh unix dev - Jan 2017 - [PATCH] Set KRB5PRINCIPAL in user environment

Signed-off-by: Johannes L?thberg <johannes at kyriasis.com>
---
 gss-serv-krb5.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 795992d9..a12bb244 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char
*name)
 	} else
 		retval = 0;
 
+#ifdef USE_PAM
+	if (options.use_pam)
+		do_pam_putenv("KRB5PRINCIPAL", (char
*)client->displayname.value);
+#endif
+
 	krb5_free_principal(krb_context, princ);
 	return retval;
 }
-- 
2.11.0

On 01/04/2017 10:57 AM, Johannes L?thberg wrote:
> Signed-off-by: Johannes L?thberg <johannes at kyriasis.com>
> ---
>   gss-serv-krb5.c | 5 +++++
>   1 file changed, 5 insertions(+)
>
> diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
> index 795992d9..a12bb244 100644
> --- a/gss-serv-krb5.c
> +++ b/gss-serv-krb5.c
> @@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char
*name)
>   	} else
>   		retval = 0;
>   
> +#ifdef USE_PAM
> +	if (options.use_pam)
> +		do_pam_putenv("KRB5PRINCIPAL", (char
*)client->displayname.value);
> +#endif
> +
>   	krb5_free_principal(krb_context, princ);
>   	return retval;
>   }
Hello,

this change request is already tracked as a bug #2063 [1] (with the 
related configuration option). Having this working in future releases 
would be very nice.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2063

Regards,

-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat

Hey,

On 05/01, Jakub Jelen wrote:
>On 01/04/2017 10:57 AM, Johannes L?thberg wrote:
>>Signed-off-by: Johannes L?thberg <johannes at kyriasis.com>
>>---
>>  gss-serv-krb5.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>>diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
>>index 795992d9..a12bb244 100644
>>--- a/gss-serv-krb5.c
>>+++ b/gss-serv-krb5.c
>>@@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client,
char *name)
>>  	} else
>>  		retval = 0;
>>+#ifdef USE_PAM
>>+	if (options.use_pam)
>>+		do_pam_putenv("KRB5PRINCIPAL", (char
*)client->displayname.value);
>>+#endif
>>+
>>  	krb5_free_principal(krb_context, princ);
>>  	return retval;
>>  }
>Hello,
>
>this change request is already tracked as a bug #2063 [1] (with the 
>related configuration option). Having this working in future releases 
>would be very nice.
>
>[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2063
>

Ah, hadn't seen that.  Would be nice with some maintainer insight into 
this.

-- 
Sincerely,
  Johannes L?thberg
  PGP Key ID: 0x50FB9B273A9D0BB5
  https://theos.kyriasis.com/~kyrias/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1796 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20170106/1cbe701e/attachment.bin>