search for: gss_c_integ_flag

Displaying 6 results from an estimated 6 matches for "gss_c_integ_flag".

2004 Jan 22
11
Pending OpenSSH release: contains Kerberos/GSSAPI changes
(I hope this message is appropriate for these lists. If not, please tell me and I won't do it again.) Hi All. There will be a new release of OpenSSH in a couple of weeks. This release contains Kerberos and GSSAPI related changes that we would like to get some feedback about (and hopefully address any issues with) before the release. I encourage anyone with an interest in
2017 Jan 17
2
Question on Kerberos (GSSAPI) auth
...The issue may be the way the code is structured: /* Now, if we're complete and we have the right flags, then * we flag the user as also having been authenticated */ if (((flags == NULL) || ((*flags & GSS_C_MUTUAL_FLAG) && (*flags & GSS_C_INTEG_FLAG))) && (ctx->major == GSS_S_COMPLETE)) { if (ssh_gssapi_getclient(ctx, &gssapi_client)) fatal("Couldn't convert client name"); } return (status); The fatal() call there only happens when ssh_gssapi_getclient() fai...
2017 Jan 16
2
Question on Kerberos (GSSAPI) auth
...nally enables mutual authentication in the client contexts it allocates. In ssh_gssapi_init_ctx, it does the following: ctx->major = gss_init_sec_context(&ctx->minor, GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, 0, NULL, recv_tok, NULL, send_tok, flags, NULL); I don?t see anything in the RFC 4462 errata about this recommendation having changed. Does anyone know why OpenSSH enables this? It makes sense for GSSAPI key exchange (which OpenSSH doesn?t seem to implement), but not for...
2003 Sep 16
0
ANNOUNCE: GSSLib support for OpenSSH (patch)
...re OpenSSH cause the GSS library to follow a dangling pointer and write to likely unallocated memory (see patch), and several constructs that aren't likely to work with generic GSS mechanisms (e.g., the flags to gss_accept_sec_context() are set to 0 by OpenSSH, better would be GSS_C_MUTUAL_FLAG|GSS_C_INTEG_FLAG since that is what the code later check for), etc. Another, more egoistic, purpose is to get people to look at an alternative GSSAPI and Kerberos 5 implementation. Caveats: Only client mode is supported; the GSS server code in OpenSSH require too much non-GSS code that I didn't bother finish...
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2003 Aug 10
9
updated gssapi diff
...ags) +{ + int deleg_flag = 0; + + if (deleg_creds) { + deleg_flag = GSS_C_DELEG_FLAG; + debug("Delegating credentials"); + } + + ctx->major = gss_init_sec_context(&ctx->minor, + GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, + GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, + 0, NULL, recv_tok, NULL, send_tok, flags, NULL); + + if (GSS_ERROR(ctx->major)) + ssh_gssapi_error(ctx); + + return (ctx->major); +} + +/* Create a service name for the given host */ +OM_uint32 +ssh_gssapi_import_name(Gssctxt *ctx, const char *host) +{ + gss_buffer_desc g...