search for: k_hasafs

Displaying 15 results from an estimated 15 matches for "k_hasafs".

2004 Feb 27
1
[PATCH] Getting AFS tokens from a GSSAPI-delegated TGT
...5_use_ccache(Authctxt *authctxt); #endif /* KRB5 */ #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) --- orig/session.c +++ mod/session.c @@ -1462,20 +1462,22 @@ * home directory is in AFS and it's not world-readable. */ - if (options.kerberos_get_afs_token && k_hasafs() && - (s->authctxt->krb5_ctx != NULL)) { - char cell[64]; + if (options.kerberos_get_afs_token && k_hasafs()) { + session_krb5_use_ccache(s->authctxt); + if (s->authctxt->krb5_ctx != NULL) { + char cell[64]; - debug("Getting AFS token"); + de...
2001 Oct 02
2
AFS and tokenforwarding
...og("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); + send_krb4_tgt(); + } + /* Try AFS token passing if the server supports it. */ + + if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && + options.afs_token_passing && k_hasafs()) { + if (options.cipher == SSH_CIPHER_NONE) + log("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); + send_afs_tokens(); + } +#endif /* AFS */ #ifdef KRB5 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && @@ -1202,6 +122...
2000 May 09
1
openssh-2.1.0 and AFS
...c.orig Tue May 9 16:28:50 2000 +++ auth1.c Tue May 9 17:38:13 2000 @@ -183,6 +183,11 @@ /* Accept AFS token. */ char *token_string = packet_get_string(&dlen); packet_integrity_check(plen, 4 + dlen, type); + /* If machine has AFS, set process authentication group. */ + if (k_hasafs()) { + k_setpag(); + k_unlog(); + } if (!auth_afs_token(pw, token_string)) verbose("AFS token REFUSED for %s", pw->pw_name); xfree(token_string); @@ -441,14 +446,6 @@ packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER); setproctitle("%s",...
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the
2002 Jan 23
1
Fix AFS and Kerberos interaction
...#endif options->password_authentication = -1; @@ -190,7 +194,7 @@ if (options->kerberos_tgt_passing == -1) options->kerberos_tgt_passing = 0; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) if (options->afs_token_passing == -1) options->afs_token_passing = k_hasafs(); #endif @@ -246,7 +250,7 @@ #if defined(AFS) || defined(KRB5) sKerberosTgtPassing, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) sAFSTokenPassing, #endif sChallengeResponseAuthentication, @@ -297,7 +301,7 @@ #if defined(AFS) || defined(KRB5) { "kerberostgtpassing...
2001 Jan 03
1
chroot.diff
...ROOT */ + if (setgid(pw->pw_gid) < 0) { perror("setgid"); exit(1); @@ -1122,7 +1148,6 @@ #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif - #ifdef AFS /* Try to get AFS tokens for the local cell. */ if (k_hasafs()) { -------------- next part -------------- diff -u openssh-2.3.0p1/acconfig.h openssh-2.3.0p1-chroot/acconfig.h --- openssh-2.3.0p1/acconfig.h Wed Oct 18 14:11:44 2000 +++ openssh-2.3.0p1-chroot/acconfig.h Wed Jan 3 19:23:48 2001 @@ -199,6 +199,9 @@ /* Define if you want to allow MD5 passwords...
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer
2004 Jan 01
1
Syncing sshd/krb GetAFSToken change to Portable: help wanted
...-o sshd [snip objs] -L. -Lopenbsd-compat/ -L/usr/kerberos/lib -lssh -lopenbsd-compat -lwrap -lresolv -lskey -lutil -lz -lnsl -lcrypto -lcrypt -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err session.o: In function `do_child?: /home/builder/gate/openssh-tinderbox/session.c:1427: undefined reference to `k_hasafs? /home/builder/gate/openssh-tinderbox/session.c:1433: undefined reference to `k_setpag? /home/builder/gate/openssh-tinderbox/session.c:1435: undefined reference to `k_afs_cell_of_file? /home/builder/gate/openssh-tinderbox/session.c:1436: undefined reference to `krb5_afslog? /home/builder/gate/opens...
2002 May 03
0
AFS/Kerberos authentication problems on IRIX 6.5.15
...s no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options # KerberosAuthentication automatically enabled if keyfile exists KerberosAuthentication yes KerberosOrLocalPasswd no KerberosTicketCleanup yes # AFSTokenPassing automatically enabled if k_hasafs() is true AFSTokenPassing yes # Kerberos TGT Passing only works with the AFS kaserver KerberosTgtPassing yes # Set this to 'yes' to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of 'PasswordAuthentication' #PAMAuthenticationV...
2000 Dec 06
2
Problems on Sparcs (fwd)
comments? -------------- next part -------------- An embedded message was scrubbed... From: Charles Clancy <mgrtcc at cs.rose-hulman.edu> Subject: Problems on Sparcs Date: Wed, 6 Dec 2000 09:55:41 -0500 (EST) Size: 2913 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20001206/c7cb5d2a/attachment.mht
2002 Mar 11
1
Problem ssh: Permission denied
...words no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options # KerberosAuthentication automatically enabled if keyfile exists #KerberosAuthentication yes #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # AFSTokenPassing automatically enabled if k_hasafs() is true #AFSTokenPassing yes # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no # Set this to 'yes' to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of 'PasswordAuthentication' #PAMAuthenticationViaKbd...
2004 Aug 24
1
Possible problem with hostbased protocol 1 rhosts authentication
...words no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options # KerberosAuthentication automatically enabled if keyfile exists #KerberosAuthentication yes #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # AFSTokenPassing automatically enabled if k_hasafs() is true #AFSTokenPassing yes # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no # Set this to 'yes' to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of 'PasswordAuthentication' #PAMAuthenticationViaKbd...
2000 Jan 19
3
AIX openssh patches
...quot;, user); + /* Do the authentication. */ do_authentication(user); } *************** *** 1084,1089 **** --- 1090,1099 ---- { struct passwd *pw, pwcopy; + #ifdef _AIX + char *loginmsg; + #endif + #ifdef AFS /* If machine has AFS, set process authentication group. */ if (k_hasafs()) { *************** *** 1092,1097 **** --- 1102,1109 ---- } #endif /* AFS */ + pw = (struct passwd *) malloc (sizeof(struct passwd)); + /* Verify that the user is a valid user. */ pw = getpwnam(user); if (!pw || !allowed_user(pw)) *************** *** 1133,1138 **** --- 1145,1151...
2000 Oct 04
0
2.2.0p1 chroot patch
...ROOT */ + if (setgid(pw->pw_gid) < 0) { perror("setgid"); exit(1); @@ -1024,7 +1048,6 @@ #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif - #ifdef AFS /* Try to get AFS tokens for the local cell. */ if (k_hasafs()) { -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 524 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20001004/0a0ea6b3/attachment.bin