Displaying 20 results from an estimated 39 matches for "gssapidelegatecredenti".
2007 May 06
2
[Bug 1312] Add short command-line option -K for activating GSSAPIDelegateCredentials
http://bugzilla.mindrot.org/show_bug.cgi?id=1312
Summary: Add short command-line option -K for activating
GSSAPIDelegateCredentials
Product: Portable OpenSSH
Version: 4.4p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Kerberos support
AssignedTo: bitbucket at mindrot.org
ReportedBy: Ma...
2007 Apr 30
1
GSSAPIDelegateCredentials fails with a segfault
Hi,
I'm trying to use the GSSAPIDelegateCredentials function to forward my
kerberos 5 tickets.
Authentication with GSSAPI/Kerberos 5 works fine, I can log in to the
server when I have valid tickets on my client.
But when I turn on GSSAPIDelegateCredentials I get "Connection reset by
peer" at the client side.
At the server side, I hav...
2009 Jul 10
2
[Bug 1620] New: GSSAPIDelegateCredentials fails silently when given non-forwardable tickets
https://bugzilla.mindrot.org/show_bug.cgi?id=1620
Summary: GSSAPIDelegateCredentials fails silently when given
non-forwardable tickets
Product: Portable OpenSSH
Version: 5.2p1
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support...
2006 Jul 10
1
[Bug 944] ssh_config missing default configuration values for GSSAPI
...iables
in
/etc/ssh/sshd_config it turned out the *client* lacked the variables in
/etc/ssh/ssh_config, which would instruct it to try gssapi. Please add
to /etc/ssh/ssh_config these two lines:
# Instruct ssh(1) client to attempt GSSAPI authentication, see
ssh_config(5)
# GSSAPIAuthentication yes
# GSSAPIDelegateCredentials yes
</quote>
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2006 Feb 10
0
OpenSSH ControlAllowUsers, et al Patch
...ntrolPath
+ ControlBindMask
+ ControlAllowUsers
+ ControlAllowGroups
+ ControlDenyUsers
+ ControlDenyGroups
GlobalKnownHostsFile
GSSAPIAuthentication
GSSAPIDelegateCredentials
Index: scp.1
===================================================================
--- scp.1 (revision 15802)
+++ scp.1 (revision 15803)
@@ -130,6 +130,11 @@
.It ConnectTimeout
.It ControlMaster
.It ControlPath
+.It ControlBindMask
+.It ControlAllowUsers
+.It ControlAllowGroups
+.It ControlDeny...
2023 Aug 02
1
[PATCH] ssh_config: reflect default CheckHostIP no
...no'...")
> ---
> ssh_config | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ssh_config b/ssh_config
> index 842ea866c..1eb1c0063 100644
> --- a/ssh_config
> +++ b/ssh_config
> @@ -25,7 +25,7 @@
> # GSSAPIAuthentication no
> # GSSAPIDelegateCredentials no
> # BatchMode no
> -# CheckHostIP yes
> +# CheckHostIP no
> # AddressFamily any
> # ConnectTimeout 0
> # StrictHostKeyChecking ask
> --
> 2.38.1
>
2004 Oct 25
1
[Bug 944] ssh_config missing default configuration values for GSSAPI
...nts that
assist the installer properly configure the software. In the absence of any
documentation for how to configure GSSAPI in SSH, these comment tags in
ssh_config and sshd_config are essential for success.
One critical addition to ssh_config would be the following:
#GSSAPIAuthentication no
#GSSAPIDelegateCredentials no
>From a deeper inspection of readconf.c, it appears the ssh_config file has not
been maintained, and these informative default values do not appear for many
other configurable parameters. Although my primary interest is GSSAPI, anyone
spending time to fix this issue should add all missin...
2006 Aug 18
2
[Bug 1219] typo in ssh_config
...atform: Other
OS/Version: All
Status: NEW
Severity: trivial
Priority: P2
Component: Miscellaneous
AssignedTo: bitbucket at mindrot.org
ReportedBy: dleonard at vintela.com
a minor nit-pick; a comment in the sample ssh_config mispells
GSSAPIDelegateCredentials as DelegatCredentials
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2007 Apr 30
0
GSSAPI credentials delegation fails with a segfault
Hi,
I'm trying to use the GSSAPIDelegateCredentials function to forward my
kerberos 5 tickets.
Authentication with GSSAPI/Kerberos 5 works fine, I can log in to the
server when I have valid tickets on my client.
But when I turn on GSSAPIDelegateCredentials I get "Connection reset by
peer" at the client side.
At the server side, I hav...
2005 Sep 01
0
Announce: OpenSSH 4.2 released
...client requests it. This behaviour has been changed in OpenSSH
4.2 to only delegate credentials to users who authenticate
using the GSSAPI method. This eliminates the risk of credentials
being inadvertently exposed to an untrusted user/host (though
users should not activate GSSAPIDelegateCredentials to begin
with when the remote user or host is untrusted)
- Added a new compression method that delays the start of zlib
compression until the user has been authenticated successfully.
The new method ("Compression delayed") is on by default in the
server. This elimi...
2005 Sep 01
0
Announce: OpenSSH 4.2 released
...client requests it. This behaviour has been changed in OpenSSH
4.2 to only delegate credentials to users who authenticate
using the GSSAPI method. This eliminates the risk of credentials
being inadvertently exposed to an untrusted user/host (though
users should not activate GSSAPIDelegateCredentials to begin
with when the remote user or host is untrusted)
- Added a new compression method that delays the start of zlib
compression until the user has been authenticated successfully.
The new method ("Compression delayed") is on by default in the
server. This elimi...
2004 Feb 27
1
[PATCH] Getting AFS tokens from a GSSAPI-delegated TGT
Here is a patch I just wrote and tested which may be of interest to
those who wish to use KerberosGetAFSToken (currently requires Heimdal
libkafs) in combination with GSSAPIDelegateCredentials. The patch is
in the public domain and comes with no warranty whatsoever. Applies
to pristine 3.8p1. Works for me on Solaris and Tru64.
I'd probably have used Doug Engert's patch from 2004-01-30 if Heimdal's
afslog command supported -setpag; although to be honest I don't really...
2006 Dec 14
1
Problems using gssapi authentication from FreeBSD to Linux machines
...e
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP no
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc...
2016 Nov 24
17
[Bug 2643] New: Can not ssh with tr_TR.UTF-8 locale (Bad configuration options)
...ng configuration data ~/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
/etc/ssh/ssh_config: line 55: Bad configuration option:
gssapIauthentication
/etc/ssh/ssh_config: line 56: Bad configuration option:
gssapIdelegatecredentials
/etc/ssh/ssh_config: terminating, 2 bad configuration options
If I commend aut GSSAPIAuthentication and GSSAPIDelegateCredentials
options, I can ssh to a host.
So to ssh to a host with tr_TR.UTF-8 locale, one must commend out
IdentityFile, if it is used, GSSAPIAuthentication and
GSSAPIDele...
2020 Oct 02
2
Kerberos ticket lifetime
On 02/10/2020 13:01, Jason Keltz via samba wrote:
> On 10/2/2020 5:25 AM, Rowland penny via samba wrote:
>
>> On 01/10/2020 21:46, Rowland penny via samba wrote:
>>> On 01/10/2020 21:23, Jason Keltz via samba wrote:
>>>>
>>>>
>>>> Okay - I guess the failure of kdc: lines in smb.conf is a bug.
>>>>
>>>> Let's wait
2009 May 06
1
Kerberos and 2008 AD troubles
...rectly
Net ads join: OK
Wbinfo -u/g: Shows all users and groups in the domain
Pam_winbind: Allows users to login to the console or through SSH
(password)
/etc/ssh/sshd_conf: GSSAPIAuthentication yes
/etc/ssh/ssh_conf (on remote machine configured exactly the same):
GSSAPIAuthentication yes and GSSAPIDelegateCredentials no
Same error on Debain Lenny using Samba 3.2.5 and Debain Squeeze using
Samba 3.3.3
/etc/samba/smb.conf:
[global]
workgroup = BYU
realm = BYU.LOCAL
preferred master = no
server string = %h server
dns proxy = no
debug...
2012 Jul 09
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?
Hi,
I am doing some kerberos testing with samba4 using ssh. I have setup
samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and
active directory seems to be working both with Windows and Linux clients.
ssh unfortunately is not kerberos authenticating via GSSAPI. The client
krb5.conf contains this:
=====================================================
[libdefaults]
2020 Oct 02
0
Kerberos ticket lifetime
...roblem is the lack of pam_krb5
>
But I ssh to the system and the ticket already forwards.? The problem is
just that winbind isn't automatically renewing the ticket.?? Do you have
"forwardable=true" in /etc/krb5.conf, and did you use "ssh -K <host>" or
do you have GSSAPIDelegateCredentials enabled?
Jason.
2004 Mar 29
1
openssh and SEAM (Kerberos)
...hich options do i need to use when compiling
openssh? Do i need to use --with-kerberos5=kerbpath
or --with-pam or both?
3. Which options need to be enabled in the
sshd_config? KerberosAuthentication?
GSSAPIAuthentication?
4. Which options are needed in ssh_config?
GSSAPIAuthentication yes? GSSAPIDelegateCredentials
yes?
5. Does openssh rely on the pam_krb5 module?
6. Are there any good sources of information
regarding the integration of SEAM and openssh?
I have tried many combinations of these options but
have been unsuccessful so far. Maybe I'm missing
something. I've looked at docs.sun.com...
2005 Dec 09
0
openssh & kerberos difficulties
1/
When I access with GSSAPIAuthentication & GSSAPIDelegateCredentials the option
KerberosGetAFSToken does not work. The tickets are transfered correctly because
the AFS tokens are obtained if the command afslog is inserted in /etc/ssh/sshrc
file.
2/
When multiple realms are defined in /etc/krb5.conf sshd uses only the first
default realm for kerberos password aut...