search for: kerberostgtpassing

Displaying 20 results from an estimated 38 matches for "kerberostgtpassing".

2002 Aug 09
0
patch to ssh.c for KerberosTgtPassing and readability patches for config files and manpages
Hey All, Found a very minor problem with client implementation of KerberosTgtPassing command line flag in ssh.c (first diff). We also made some readability patches to the config files and manpages to make the option clearer (the remainder of the diffs). diffs are against -current Index: ssh.c =================================================================== RCS file: /cvs/o...
2002 Apr 21
3
OpenSSH Security Advisory (adv.token)
A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH compiled with AFS/Kerberos support and ticket/token passing enabled contain a buffer overflow. Ticket/Token passi...
2002 Apr 21
3
OpenSSH Security Advisory (adv.token)
A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH compiled with AFS/Kerberos support and ticket/token passing enabled contain a buffer overflow. Ticket/Token passi...
2002 May 02
0
[Bug 234] New: OpenSSH does not compile on OpenBSD 3.1
...tc/sshd_config: line 69: Bad configuration option: KerberosOrLocalPasswd /usr/local/etc/sshd_config: line 70: Bad configuration option: KerberosTicketCleanup /usr/local/etc/sshd_config: line 74: Bad configuration option: AFSTokenPassing /usr/local/etc/sshd_config: line 77: Bad configuration option: KerberosTgtPassing /usr/local/etc/sshd_config: terminating, 5 bad configuration options Experimentation reveals that these are the only options that sshd does not recognize. ssh does not like these configuration options, either: /usr/local/etc/ssh_config: line 20: Bad configuration option: AFSTokenPassing /usr/loc...
2000 Sep 14
0
modifying Openssh config script for KTH-KRB (fwd)
...was the only one I was able to find. In case you don't want to look at all the stuff below, the situation is briefly that I am trying to compile openssh with kerberos 4 support, which it apparently has. However, it can't find krb.h, which is right there. And it compiles OK, but gives "KerberosTgtPassing yes" as a bad option, which can't be good, and I don't get properly authenticated when I log in, which is obviously the whole point. If this ssh cannot be compiled with this krb4 version, can you suggest a version it *would* compile correctly with? It is possible the configure file cou...
2000 Apr 09
2
Password Login Failing... (Not sure this went through)
...rdAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes CheckMail no UseLogin no
2002 Jan 23
1
Fix AFS and Kerberos interaction
...) && defined(KRB4) #include <krb.h> #include <radix.h> @@ -211,4 +211,4 @@ return 1; } -#endif /* AFS */ +#endif /* AFS && KRB4 */ --- readconf.c 2002/01/23 12:18:23 1.1 +++ readconf.c 2002/01/23 12:23:17 @@ -102,7 +102,7 @@ #if defined(AFS) || defined(KRB5) oKerberosTgtPassing, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) oAFSTokenPassing, #endif oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, @@ -147,7 +147,7 @@ #if defined(AFS) || defined(KRB5) { "kerberostgtpassing", oKerberosTgtPassing }, #endif -#ifdef AF...
2003 Nov 13
1
SSHD password authentication issue in 4.9-RELEASE and 5.1-RELEASE
...ntication no PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #AFSTokenPassing no # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #KeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes #MaxStartups 10 # no default banner path #Banner /some/path #VerifyReverseMapping no # override defa...
2004 Sep 17
3
sftp-server debug output
...this may bypass the setting of ''PasswordAuthentication'' #PAMAuthenticationViaKbdInt yes # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes X11Forwarding yes X11DisplayOffset 256 PrintMotd no #PrintLastLog no KeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net #ReverseMappingCheck yes Subsystem sftp /opt/talisen/ssh/rsftp-server --------- end of file --------- Anyone know what I''m miss...
2001 Feb 21
1
further problems with OpenSSH 2.5.1p1 on RH 6.2
...on yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #ChallengeResponseAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes #CheckMail yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net #ReverseMappingCheck yes Subsystem sftp /usr/libexec/openssh/sftp-server Carl
2003 Dec 16
11
[Bug 774] banner is displaying twice (/etc/issue)
http://bugzilla.mindrot.org/show_bug.cgi?id=774 Summary: banner is displaying twice (/etc/issue) Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:
2002 Apr 26
0
Revised OpenSSH Security Advisory (adv.token)
This is the 2nd revision of the Advisory. Buffer overflow in OpenSSH's sshd if AFS has been configured on the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH with AFS/Kerberos token passing compiled in and enabled (either in the system or in sshd_config) contain a buffer...
2000 Apr 09
0
Non-member submission from [Keith Baker <ssh@par.dhs.org>] (fwd)
...rdAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes CheckMail no UseLogin no
2000 May 28
0
Kerberos/AFS options in ssh/sshd while disabling them in configure
...and refuses to run if you set options about them in ssh_config or sshd_config. I'm not sure if this is the intended (or good?) behaviour. Should it be better to modify the man pages when ./configuring too? Like, adding a small sentence about stuff disabled at compile time. An example: KerberosTgtPassing Specifies whether a Kerberos TGT will be forwarded to the server. This will only work if the Kerberos server is actually an AFS kaserver. The argument to this keyword must be ``yes'' or ``no''. This option has been disabled at com...
2000 Sep 13
1
Kerberos/AFS options in ssh/sshd while disabling them in configure
...and refuses to run if you set options about them in ssh_config or sshd_config. I'm not sure if this is the intended (or good?) behaviour. Should it be better to modify the man pages when ./configuring too? Like, adding a small sentence about stuff disabled at compile time. An example: KerberosTgtPassing Specifies whether a Kerberos TGT will be forwarded to the server. This will only work if the Kerberos server is actually an AFS kaserver. The argument to this keyword must be ``yes'' or ``no''. This option has been disabled at com...
2002 Mar 09
0
krb5 problem: KRB5CCNAME is ""; possible fix for OpenSSH 3.0.2p1
...gs like kinit to fail with a somewhat uninformative error message. The relevant sshd_config lines I use are: # To change Kerberos options KerberosAuthentication yes KerberosOrLocalPasswd yes #AFSTokenPassing no KerberosTicketCleanup yes # Kerberos TGT Passing does only work with the AFS kaserver KerberosTgtPassing no I'm using MIT Kerberos. As far as I can tell (after scanning the code for a few hours and I'm not a programmer) the problem is in auth_krb5_password. 244 problem = krb5_cc_resolve(authctxt->krb5_ctx, "MEMORY:", 245 &authctxt->krb5_fwd_cc...
2002 Apr 26
0
Revised OpenSSH Security Advisory (adv.token)
This is the 2nd revision of the Advisory. Buffer overflow in OpenSSH's sshd if AFS has been configured on the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH with AFS/Kerberos token passing compiled in and enabled (either in the system or in sshd_config) contain a buffer...
2003 Feb 20
0
OpenSSH_3.5p1 server, PC clients cannot connect
...entication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #AFSTokenPassing no # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no # Set this to 'yes' to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of 'PasswordAuthentication' #PAMAuthenticationViaKbdInt no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #KeepAli...
2003 Dec 02
1
Sun Kerberos Password Expiration Problems with OpenSSH 3.7.1p2
...nterval 0 ClientAliveCountMax 3 Compression yes #DenyGroups * #DenyUsers * GatewayPorts no HostbasedAuthentication no HostKey /etc/ssh/ssh_host_rsa_key IgnoreRhosts yes IgnoreUserKnownHosts no KeepAlive yes #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTgtPassing no #KerberosTicketCleanup yes KeyRegenerationInterval 3600 Port 22 ListenAddress 0.0.0.0 LoginGraceTime 300 LogLevel INFO MACs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 MaxStartups 10 #PAMAuthenticationViaKbdInt no PasswordAuthentication no PermitEmptyPa...
2002 Jun 25
0
[Bug 289] New: mmap error when trying to use 3.3p1 with privsep
...entication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #AFSTokenPassing no # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no # Set this to 'yes' to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of 'PasswordAuthentication' #PAMAuthenticationViaKbdInt yes #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes PrintMotd yes PrintLastLog yes KeepAliv...