search for: gssctxt

...len, void *ctxt); +static void input_gssapi_errtok(int, u_int32_t, void *); + +/* + * We only support those mechanisms that we know about (ie ones that we know + * how to check local user kuserok and the like + */ +static int +userauth_gssapi(Authctxt *authctxt) +{ + gss_OID_desc oid = {0, NULL}; + Gssctxt *ctxt = NULL; + int mechs; + gss_OID_set supported; + int present; + OM_uint32 ms; + u_int len; + char *doid = NULL; + + if (!authctxt->valid || authctxt->user == NULL) + return (0); + + mechs = packet_get_int(); + if (mechs == 0) { + debug("Mechanism negotiation is not supported"...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

...ying to troubleshoot gssapi_with_mic authentication with OpenSSH 5.2p1 on FreeBSD 8.0. If I run sshd with maximum debug "sshd -ddd" the most detail I get is: GSSAPI MIC check failed That comes from line 282 in auth2-gss.c 279 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) 280 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); 281 else 282 logit("GSSAPI MIC check failed"); 283 I think that's as much help as I can get from sshd. I'd like to add some prin...

...us, min_status; u_int len; +#ifndef DISABLE_PRIVSEP if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) +#else + if (authctxt == NULL || authctxt->methoddata == NULL) +#endif /* DISABLE_PRIVSEP */ fatal("No authentication or GSSAPI context"); gssctxt = authctxt->methoddata; @@ -179,7 +183,11 @@ OM_uint32 maj_status; u_int len; +#ifndef DISABLE_PRIVSEP if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) +#else + if (authctxt == NULL || authctxt->methoddata == NULL) +#endif /* DISABLE_PRIVSEP */ fat...

...f the mechanism is usable before we offer it */ while (mech < gss_supported->count && !ok) { /* My DER encoding requires length<128 */ if (gss_supported->elements[mech].length < 128 && ssh_gssapi_check_mechanism(&gssctxt, &gss_supported->elements[mech], authctxt->host)) { ok = 1; /* Mechanism works */ } else { mech++; } } The debug errors are: debug3: authmethod_is_enabled gssapi-with-mic debug1:...

..._file" echo " Make sure the path to scp is present, otherwise scp will not work" --- openssh-4.2p1/monitor.c~ 2005-07-17 08:53:31.000000000 +0100 +++ openssh-4.2p1/monitor.c 2006-01-07 18:40:42.000000000 +0000 @@ -69,6 +69,8 @@ RCSID("$OpenBSD: monitor.c,v 1.63 2005/0 static Gssctxt *gsscontext = NULL; #endif +#ifdef USE_PRIVSEP + /* Imports */ extern ServerOptions options; extern u_int utmp_len; @@ -1916,3 +1918,5 @@ mm_answer_gss_userok(int sock, Buffer *m return (authenticated); } #endif /* GSSAPI */ + +#endif /* USE_PRIVSEP */ --- openssh-4.2p1/monitor_mm.c~ 2004...

.../* destroy_sensitive_data(); */ diff --git a/monitor.c b/monitor.c index 7286126..8f289b5 100644 --- a/monitor.c +++ b/monitor.c @@ -97,6 +97,7 @@ #include "ssh2.h" #include "jpake.h" #include "roaming.h" +#include "authfd.h" #ifdef GSSAPI static Gssctxt *gsscontext = NULL; @@ -686,6 +687,8 @@ mm_answer_moduli(int sock, Buffer *m) return (0); } +extern AuthenticationConnection *auth_conn; + int mm_answer_sign(int sock, Buffer *m) { @@ -714,10 +717,16 @@ mm_answer_sign(int sock, Buffer *m) memcpy(session_id2, p, session_id2_len); } -...

https://bugzilla.mindrot.org/show_bug.cgi?id=2319 Bug ID: 2319 Summary: [PATCH REVIEW] U2F authentication Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at