search for: auth_afs_token

...00 @@ -183,6 +183,11 @@ /* Accept AFS token. */ char *token_string = packet_get_string(&dlen); packet_integrity_check(plen, 4 + dlen, type); + /* If machine has AFS, set process authentication group. */ + if (k_hasafs()) { + k_setpag(); + k_unlog(); + } if (!auth_afs_token(pw, token_string)) verbose("AFS token REFUSED for %s", pw->pw_name); xfree(token_string); @@ -441,14 +446,6 @@ packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER); setproctitle("%s", user); - -#ifdef AFS - /* If machine has AFS, set process authentication...

...CMSG_HAVE_AFS_TOKEN: + if (!options.afs_token_passing || !k_hasafs()) { + verbose("AFS token passing disabled."); + break; + } else { + /* Accept AFS token. */ + char *token_string = packet_get_string(&dlen); + packet_integrity_check(plen, 4 + dlen, type); + if (!auth_afs_token(authctxt, token_string)) + verbose("AFS token REFUSED for %.100s", authctxt->user); + xfree(token_string); + } + //continue; +#endif /* AFS */ + #if defined(KRB4) || defined(KRB5) case SSH_CMSG_AUTH_KERBEROS: if (!options.kerberos_authentication) { @@ -169,9 +185,9 @...

.../23 12:14:19 @@ -102,14 +102,15 @@ int auth_krb4(Authctxt *, KTEXT, char **); int auth_krb4_password(Authctxt *, const char *); void krb4_cleanup_proc(void *); +#endif /* KRB4 */ #ifdef AFS #include <kafs.h> +#ifdef KRB4 int auth_krb4_tgt(Authctxt *, const char *); int auth_afs_token(Authctxt *, const char *); -#endif /* AFS */ - #endif /* KRB4 */ +#endif /* AFS */ #ifdef KRB5 int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client); --- auth1.c 2002/01/23 12:15:49 1.1 +++ auth1.c 2002/01/23 12:17:26 @@ -162,11 +162,11 @@ case SSH_CMSG_HAVE_KERBEROS_TGT: pa...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer