search for: auth_krb4

...verbose mode). When I try to run sshd in debug mode without the daemon (-d -d -d -D) and reproduce this problem, it is in fact segfaulting shortly after the point where the krb4 auth is failing. Some gdb traces show that this segfault is happening in malloc(). The cause of this is a free() in the auth_krb4 function (in auth-krb4.c) of a pointer, client_user, passed by reference (as *client) to that function. The do_authloop function in auth1.c, which calls auth_krb4, expects that this pointer is either valid or NULL on return, since it will free any non-NULL pointer later in the loop. One solution, r...

...: auth-passwd.c: -------------- at line 46: add line: #define ONLY_PASSWD_AUTH (just before: #include "auth.h" ) auth.h ------ make include of krb.h conditional (starts at line 100): #ifdef KRB4 new--> #ifndef ONLY_PASSWD_AUTH #include <krb.h> int auth_krb4(Authctxt *, KTEXT, char **); int auth_krb4_password(Authctxt *, const char *); void krb4_cleanup_proc(void *); new--> #endif /* ! ONLY_PASSWD_AUTH */ After making this change, ssh will build and run but sshd does not allow logging in using AFS accounts despite the defaults sayin...

...11 +34,12 @@ #include "uidswap.h" #include "auth.h" +#ifdef KRB4 + #ifdef AFS #include "radix.h" #endif -#ifdef KRB4 extern ServerOptions options; static int @@ -279,9 +280,7 @@ packet_write_wait(); return (1); } -#endif /* KRB4 */ -#ifdef AFS int auth_krb4_tgt(Authctxt *authctxt, const char *string) { @@ -370,4 +369,4 @@ return (1); } -#endif /* AFS */ +#endif /* KRB4 */ --- auth.h 2002/01/23 12:01:53 1.1 +++ auth.h 2002/01/23 12:14:19 @@ -102,14 +102,15 @@ int auth_krb4(Authctxt *, KTEXT, char **); int auth_krb4_password(Authctxt *, con...

...- check the result of auth_parse_options() for negative, 0, or positive values. - modified userauth_pubkey() to check for a positive return from user_key_allowed() - sshd.8 - added documentation for new key types and the new auth_keys option - auth-krb4.c - modified auth_krb4() to build a Key struct and call user_key_allowed() - auth-krb5.c - modified auth_krb5() to build a Key struct and call user_key_allowed() - gss-serv.c - modified ssh_gssapi_krb5_userok() to build a Key struct and call user_key_allowed() Comments? Nico -- -DISCLAIMER: an auto...

...mdal, MIT, SEAM, all implement pretty much the same all-or-nothing .klogin/.k5login functionality). A similar patch of gss-serv.c:ssh_gssapi_gsi_userok() to support the use of 'gsi' key names in authorized_keys2 would be trivial, but I cannot test GSI. A similar patch to auth-krb4.c:auth_krb4() to support the use of 'krb4' key names would be trivial, but I cannot test such a patch. A question, in my mind, is whether the krb4/gss:krb5/gss:gsi ssh_*userok() code should require both, authorized_keys2 check *and* the underlying mechanism userok() check to succeed, or either, or wha...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the