Displaying 20 results from an estimated 38 matches for "kerberostgtpass".
2002 Aug 09
0
patch to ssh.c for KerberosTgtPassing and readability patches for config files and manpages
Hey All,
Found a very minor problem with client implementation of
KerberosTgtPassing command line flag in ssh.c (first diff). We also
made some readability patches to the config files and manpages to make
the option clearer (the remainder of the diffs).
diffs are against -current
Index: ssh.c
===================================================================
RCS file: /cv...
2002 Apr 21
3
OpenSSH Security Advisory (adv.token)
A buffer overflow exists in OpenSSH's sshd if sshd has been compiled
with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing
has been enabled in the sshd_config file. Ticket and token passing
is not enabled by default.
1. Systems affected:
All Versions of OpenSSH compiled with AFS/Kerberos support
and ticket/token passing enabled contain a buffer overflow.
Ticket/Token pa...
2002 Apr 21
3
OpenSSH Security Advisory (adv.token)
A buffer overflow exists in OpenSSH's sshd if sshd has been compiled
with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing
has been enabled in the sshd_config file. Ticket and token passing
is not enabled by default.
1. Systems affected:
All Versions of OpenSSH compiled with AFS/Kerberos support
and ticket/token passing enabled contain a buffer overflow.
Ticket/Token pa...
2002 May 02
0
[Bug 234] New: OpenSSH does not compile on OpenBSD 3.1
...tc/sshd_config: line 69: Bad configuration option: KerberosOrLocalPasswd
/usr/local/etc/sshd_config: line 70: Bad configuration option: KerberosTicketCleanup
/usr/local/etc/sshd_config: line 74: Bad configuration option: AFSTokenPassing
/usr/local/etc/sshd_config: line 77: Bad configuration option: KerberosTgtPassing
/usr/local/etc/sshd_config: terminating, 5 bad configuration options
Experimentation reveals that these are the only options that sshd does not
recognize. ssh does not like these configuration options, either:
/usr/local/etc/ssh_config: line 20: Bad configuration option: AFSTokenPassing
/usr/...
2000 Sep 14
0
modifying Openssh config script for KTH-KRB (fwd)
...was the only
one I was able to find.
In case you don't want to look at all the stuff below, the situation is
briefly that I am trying to compile openssh with kerberos 4 support, which
it apparently has. However, it can't find krb.h, which is right there. And
it compiles OK, but gives "KerberosTgtPassing yes" as a bad option, which
can't be good, and I don't get properly authenticated when I log in, which
is obviously the whole point. If this ssh cannot be compiled with this
krb4 version, can you suggest a version it *would* compile correctly with?
It is possible the configure file...
2000 Apr 09
2
Password Login Failing... (Not sure this went through)
...rdAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
CheckMail no
UseLogin no
2002 Jan 23
1
Fix AFS and Kerberos interaction
...) && defined(KRB4)
#include <krb.h>
#include <radix.h>
@@ -211,4 +211,4 @@
return 1;
}
-#endif /* AFS */
+#endif /* AFS && KRB4 */
--- readconf.c 2002/01/23 12:18:23 1.1
+++ readconf.c 2002/01/23 12:23:17
@@ -102,7 +102,7 @@
#if defined(AFS) || defined(KRB5)
oKerberosTgtPassing,
#endif
-#ifdef AFS
+#if defined(AFS) && defined(KRB4)
oAFSTokenPassing,
#endif
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
@@ -147,7 +147,7 @@
#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", oKerberosTgtPassing },
#endif
-#ifdef...
2003 Nov 13
1
SSHD password authentication issue in 4.9-RELEASE and 5.1-RELEASE
...ntication no
PermitEmptyPasswords no
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override d...
2004 Sep 17
3
sftp-server debug output
...this may bypass the setting of
''PasswordAuthentication''
#PAMAuthenticationViaKbdInt yes
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
X11Forwarding yes
X11DisplayOffset 256
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /opt/talisen/ssh/rsftp-server
--------- end of file ---------
Anyone know what I''m m...
2001 Feb 21
1
further problems with OpenSSH 2.5.1p1 on RH 6.2
...on yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
#CheckMail yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/libexec/openssh/sftp-server
Carl
2003 Dec 16
11
[Bug 774] banner is displaying twice (/etc/issue)
http://bugzilla.mindrot.org/show_bug.cgi?id=774
Summary: banner is displaying twice (/etc/issue)
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Solaris
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2002 Apr 26
0
Revised OpenSSH Security Advisory (adv.token)
This is the 2nd revision of the Advisory.
Buffer overflow in OpenSSH's sshd if AFS has been configured on the
system or if KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
1. Systems affected:
All Versions of OpenSSH with AFS/Kerberos token passing
compiled in and enabled (either in the system or in
sshd_config) contain a buff...
2000 Apr 09
0
Non-member submission from [Keith Baker <ssh@par.dhs.org>] (fwd)
...rdAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
CheckMail no
UseLogin no
2000 May 28
0
Kerberos/AFS options in ssh/sshd while disabling them in configure
...and
refuses to run if you set options about them in ssh_config or sshd_config.
I'm not sure if this is the intended (or good?) behaviour.
Should it be better to modify the man pages when ./configuring too? Like,
adding a small sentence about stuff disabled at compile time. An example:
KerberosTgtPassing
Specifies whether a Kerberos TGT will be forwarded to the server.
This will only work if the Kerberos server is actually an AFS
kaserver. The argument to this keyword must be ``yes'' or
``no''. This option has been disabled at...
2000 Sep 13
1
Kerberos/AFS options in ssh/sshd while disabling them in configure
...and
refuses to run if you set options about them in ssh_config or sshd_config.
I'm not sure if this is the intended (or good?) behaviour.
Should it be better to modify the man pages when ./configuring too? Like,
adding a small sentence about stuff disabled at compile time. An example:
KerberosTgtPassing
Specifies whether a Kerberos TGT will be forwarded to the
server.
This will only work if the Kerberos server is actually an AFS
kaserver. The argument to this keyword must be ``yes'' or
``no''. This option has been disabled at...
2002 Mar 09
0
krb5 problem: KRB5CCNAME is ""; possible fix for OpenSSH 3.0.2p1
...gs like kinit to
fail with a somewhat uninformative error message.
The relevant sshd_config lines I use are:
# To change Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd yes
#AFSTokenPassing no
KerberosTicketCleanup yes
# Kerberos TGT Passing does only work with the AFS kaserver
KerberosTgtPassing no
I'm using MIT Kerberos.
As far as I can tell (after scanning the code for a few hours
and I'm not a programmer) the problem is in auth_krb5_password.
244 problem = krb5_cc_resolve(authctxt->krb5_ctx, "MEMORY:",
245 &authctxt->krb5_fwd...
2002 Apr 26
0
Revised OpenSSH Security Advisory (adv.token)
This is the 2nd revision of the Advisory.
Buffer overflow in OpenSSH's sshd if AFS has been configured on the
system or if KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
1. Systems affected:
All Versions of OpenSSH with AFS/Kerberos token passing
compiled in and enabled (either in the system or in
sshd_config) contain a buff...
2003 Feb 20
0
OpenSSH_3.5p1 server, PC clients cannot connect
...entication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#Keep...
2003 Dec 02
1
Sun Kerberos Password Expiration Problems with OpenSSH 3.7.1p2
...nterval 0
ClientAliveCountMax 3
Compression yes
#DenyGroups *
#DenyUsers *
GatewayPorts no
HostbasedAuthentication no
HostKey /etc/ssh/ssh_host_rsa_key
IgnoreRhosts yes
IgnoreUserKnownHosts no
KeepAlive yes
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTgtPassing no
#KerberosTicketCleanup yes
KeyRegenerationInterval 3600
Port 22
ListenAddress 0.0.0.0
LoginGraceTime 300
LogLevel INFO
MACs
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
MaxStartups 10
#PAMAuthenticationViaKbdInt no
PasswordAuthentication no
PermitEmpt...
2002 Jun 25
0
[Bug 289] New: mmap error when trying to use 3.3p1 with privsep
...entication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
KeepA...