search for: afs_token_pass

...passing", oAFSTokenPassing }, #endif { "fallbacktorsh", oFallBackToRsh }, @@ -368,7 +368,7 @@ intptr = &options->kerberos_tgt_passing; goto parse_flag; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) case oAFSTokenPassing: intptr = &options->afs_token_passing; goto parse_flag; @@ -757,7 +757,7 @@ #if defined(AFS) || defined(KRB5) options->kerberos_tgt_passing = -1; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) options->afs_token_passing = -1; #endif options->password_authentication = -1; @@ -839,7 +839,7 @@ if (...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

...her == SSH_CIPHER_NONE) + log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); + send_krb4_tgt(); + } + /* Try AFS token passing if the server supports it. */ + + if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && + options.afs_token_passing && k_hasafs()) { + if (options.cipher == SSH_CIPHER_NONE) + log("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); + send_afs_tokens(); + } +#endif /* AFS */ #ifdef KRB5 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &am...

...mp(encrypted_password, pw_password) == 0); + retval=(strcmp(encrypted_password, pw_password) == 0); + goto out; #endif /* !USE_PAM && !HAVE_OSF_SIA */ + + + out: + + if (retval) { + debug("Disabling KRB4 TGT and AFS token forwarding after successful password auth"); + options.afs_token_passing = 0; + options.kerberos_tgt_passing = 0; + } + return retval; }

...+312,7 @@ case 'A': options.forward_agent = 1; break; -#ifdef AFS +#if defined (AFS) || defined (KRB5) case 'k': options.kerberos_tgt_passing = 0; options.afs_token_passing = 0; Index: ssh.1 =================================================================== RCS file: /cvs/openssh/ssh.1,v retrieving revision 1.119 diff -u -r1.119 ssh.1 --- ssh.1 23 Jun 2002 00:32:12 -0000 1.119 +++ ssh.1 9 Aug 2002 21:43:29 -0000 @@ -471,7 +471,7 @@ should use to...

...readconf.h 10 Aug 2003 14:06:50 -0000 1.1.1.2 +++ readconf.h 10 Aug 2003 14:25:01 -0000 1.3 @@ -43,6 +43,9 @@ /* Try S/Key or TIS, authentication. */ int kerberos_authentication; /* Try Kerberos authentication. */ int kerberos_tgt_passing; /* Try Kerberos TGT passing. */ + int afs_token_passing; /* Try AFS token passing. */ + int gss_authentication; /* Try GSS authentication */ + int gss_deleg_creds; /* Delegate GSS credentials */ int password_authentication; /* Try password * authentication. */ int kbd_interactive_authentication; /* Try keyboard-interactive...