search for: kerberos_tgt_pass

...) || defined(KRB5) { "kerberostgtpassing", oKerberosTgtPassing }, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) { "afstokenpassing", oAFSTokenPassing }, #endif { "fallbacktorsh", oFallBackToRsh }, @@ -368,7 +368,7 @@ intptr = &options->kerberos_tgt_passing; goto parse_flag; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) case oAFSTokenPassing: intptr = &options->afs_token_passing; goto parse_flag; @@ -757,7 +757,7 @@ #if defined(AFS) || defined(KRB5) options->kerberos_tgt_passing = -1; #endif -#ifdef AFS +#i...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...if (type != SSH_SMSG_FAILURE) packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); +#ifdef AFS + /* Try Kerberos v4 TGT passing if the server supports it. */ + if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && + options.kerberos_tgt_passing) { + if (options.cipher == SSH_CIPHER_NONE) + log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); + send_krb4_tgt(); + } + /* Try AFS token passing if the server supports it. */ + + if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN))...

..."gssapiauthentication", oUnsupported }, + { "gssapidelegatecredentials", oUnsupported }, +#endif { "fallbacktorsh", oDeprecated }, { "usersh", oDeprecated }, { "identityfile", oIdentityFile }, @@ -393,6 +400,14 @@ intptr = &options->kerberos_tgt_passing; goto parse_flag; + case oGssAuthentication: + intptr = &options->gss_authentication; + goto parse_flag; + + case oGssDelegateCreds: + intptr = &options->gss_deleg_creds; + goto parse_flag; + case oBatchMode: intptr = &options->batch_mode; goto parse_flag; @@...

...== 0); + retval=(strcmp(encrypted_password, pw_password) == 0); + goto out; #endif /* !USE_PAM && !HAVE_OSF_SIA */ + + + out: + + if (retval) { + debug("Disabling KRB4 TGT and AFS token forwarding after successful password auth"); + options.afs_token_passing = 0; + options.kerberos_tgt_passing = 0; + } + return retval; }

...X11 connection forwarding (default).\n"); @@ -312,7 +312,7 @@ case 'A': options.forward_agent = 1; break; -#ifdef AFS +#if defined (AFS) || defined (KRB5) case 'k': options.kerberos_tgt_passing = 0; options.afs_token_passing = 0; Index: ssh.1 =================================================================== RCS file: /cvs/openssh/ssh.1,v retrieving revision 1.119 diff -u -r1.119 ssh.1 --- ssh.1 23 Jun 2002 00:32:12 -0000 1.119 +++ ssh.1 9 Aug...

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer