search for: krb5_context

...goto out; + problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache); problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, authctxt->krb5_user); @@ -234,4 +210,31 @@ } } +#ifndef HEIMDAL +krb5_error_code +ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { + int tmpfd; + char ccname[40]; + mode_t old_umask; + + snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); + + old_umask = umask(0177); + tmpfd = mkstemp(ccname + strlen("FILE:")); + umask(old_umask); + if (tmpfd == -1) { + logit...

...KS: START LIBREPLACE_LOCATION_CHECKS: END LIBREPLACE_CC_CHECKS: START checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out ... ... ... checking for krb5_addresses type... no checking for krb5_error_code krb5_enctype_to_string(krb5_context context, krb5_enctype enctype, char **str)... no checking for krb5_error_code krb5_enctype_to_string(krb5_enctype enctype, char *str, size_t len)... yes checking for krb5_principal_get_realm... no checking for krb5_princ_realm... yes checking for KRB5_PDU_NONE declaration... no checking for flags i...

First thing - I'd like to say a big "THANK YOU" to the developers. I just upgraded to samba-3.0.23 and I've noticed an alarming issue with respect to my configuration. I've been using the built-in keytab management and it looks like the updated code no longer creates the userPrincipal in Active Directory. Whether this is an issue for others or not, it would be nice to have

...en these 2 releases: $ git log --pretty=oneline cifs-utils-6.6...cifs-utils-6.4 cifs.upcall.c 7852bec cifs.upcall: stop passing around ccache name strings 39dbb7b cifs.upcall: make get_tgt_time take a ccache arg 3db6b3a cifs.upcall: remove KRB5_TC_OPENCLOSE a3743af cifs.upcall: make the krb5_context a static global variable 9be6e88 cifs.upcall: use krb5 routines to get default ccname It seems the way cached credentials are searched changed, which your logs show if you diff them: uid=0 creduid=0 user=smbadmin at PHYSICS.WISC.EDU -pid=27600 -find_krb5_cc: scandir error on directory &...

...ads_keytab_add_entry() ret = smb_krb5_open_keytab(context, NULL, True, &keytab); if (ret) { DEBUG(1,("ads_keytab_add_entry: smb_krb5_open_keytab failed (%s)\n", error_message(ret))); goto out; } libsmb/clikrb5.c smb_krb5_open_keytab(krb5_context context, const char *keytab_name_req, bool write_access, krb5_keytab *keytab) ) /* we need to handle more complex keytab_strings, like: * "ANY:FILE:/etc/krb5.k...

...-R/usr/local/Be rkeleyDB.4.1/lib -R/usr/local/openssl/lib'\" I get the following error trying to compile libads/kerberos_verify.c "libads/kerberos_verify.c", line 77: improper member use: keyblock The relevant code below looks okay to me static krb5_error_code create_keytab(krb5_context context, krb5_principal host_princ, char *host_princ_s, krb5_data password, krb5_enctype *enctypes, krb5_keytab *k...

.... + */ + +#include "includes.h" + +#ifdef GSSAPI +#ifdef KRB5 + +#include "auth.h" +#include "xmalloc.h" +#include "log.h" +#include "servconf.h" + +#include "ssh-gss.h" + +extern ServerOptions options; + +#include <krb5.h> + +static krb5_context krb_context = NULL; + +/* Initialise the krb5 library, for the stuff that GSSAPI won't do */ + +static int +ssh_gssapi_krb5_init() +{ + krb5_error_code problem; + + if (krb_context != NULL) + return 1; + + problem = krb5_init_context(&krb_context); + if (problem) { + logit("Cannot in...

Attached is a patch to make sshd work on OSX when using plain ol' Kerberos authentication as opposed to opendirectory authentication. Cheers, Nick -------------------------------------------------------------------------- NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the

...we try to use     the keytab to init the credcache before proceeding.          Signed-off-by: Jeff Layton <jlayton at samba.org> commit a3743af0c579cee61b816080de978ae7a7663b05 Author: Jeff Layton <jlayton at samba.org> Date:   Mon Aug 22 07:34:21 2016 -0400     cifs.upcall: make the krb5_context a static global variable          There's no need to keep initing a new context for every function. Just     do it once and reuse as needed.          Signed-off-by: Jeff Layton <jlayton at samba.org> commit 3db6b3a814a2908b230fcfbdb82846775e56dd93 Author: Jeff Layton <jlayton at samba...

...s,DC=mydc,DC=mydom,DC=com Deleted CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydc,DC=mydom,DC=com Deleted CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydc,DC=mydom,DC=com ERROR(ldb): uncaught exception - Failed to setup krb5_context: Invalid argument   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run     return self.run(*args, **kwargs)   File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run     machinepass=machinepass, use_ntvfs=use_n...

...; LIBREPLACE_CC_CHECKS: START > checking for gcc... gcc > checking whether the C compiler works... yes > checking for C compiler default output file name... a.out > ... > ... > ... > checking for krb5_addresses type... no > checking for krb5_error_code krb5_enctype_to_string(krb5_context context, krb5_enctype enctype, char **str)... no > checking for krb5_error_code krb5_enctype_to_string(krb5_enctype enctype, char *str, size_t len)... yes > checking for krb5_principal_get_realm... no > checking for krb5_princ_realm... yes > checking for KRB5_PDU_NONE declaration... no...

...-- next part -------------- --- openssh-2.9.9p2.orig/sshconnect1.c Sat Jul 14 04:17:00 2001 +++ openssh-2.9.9p2/sshconnect1.c Thu Sep 27 09:58:37 2001 @@ -1111,13 +1111,14 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, Key **keys, int nkeys) { + #ifdef KRB5 krb5_context context = NULL; krb5_auth_context auth_context = NULL; #endif int i, type; int payload_len; - + if (supported_authentications == 0) fatal("ssh_userauth1: server supports no auth methods"); @@ -1139,6 +1140,23 @@ goto success; if (type != SSH_SMSG_FAILURE) packet_dis...

...nthil Kumar. Test Program: /* Senthil test program for Kerberos */ /* To compile cc -o check_valid Test_krb5.c -lkrb5 */ /* To run ./check_valid <username> <kerberos passwd> */ #include <stdio.h> #include <krb5.h> int main(int argc,char **argv) { krb5_error_code problem; krb5_context context=NULL; krb5_principal client = NULL; krb5_creds creds; char *str=argv[1]; char *mypassword=NULL; if (context == NULL) { problem = krb5_init_context(&context); if(problem) { printf("\nproblem in initialization and krb5_init_context fails\n");...

...ng revision 1.58 diff -u -r1.58 auth.h --- usr.bin/ssh/auth.h 2006/08/18 09:15:20 1.58 +++ usr.bin/ssh/auth.h 2006/09/18 09:35:53 @@ -61,6 +61,7 @@ void *kbdintctxt; #ifdef BSD_AUTH auth_session_t *as; + char **auth_env_mod; /* env changes requested by login script */ #endif #ifdef KRB5 krb5_context krb5_ctx; @@ -122,6 +123,12 @@ int auth_krb5_password(Authctxt *authctxt, const char *password); void krb5_cleanup_proc(Authctxt *authctxt); #endif /* KRB5 */ + +#ifdef BSD_AUTH +int auth_close_do_env(Authctxt *authctxt, auth_session_t *as); +void bsdauth_env_free(Authctxt *authctxt, char **env...

I have some hardware running CentOS 7 and Sernet Samba 4.7 that started out as a member server that I would like to make into a 2nd DC. However I am having trouble converting it because it seems I am not removing all the remnants of the client setup. What I thought I would have to do is this: 1.) net ads leave -U administrator 2.) Remove the machine entry on the 1st DC 3.) mv /var/lib/samba

...bsmb/clikrb5.o *** Error code 2 ... make: Fatal error: Command failed for target `libsmb/clikrb5.o' B. The immediate cause of the problem: What's causing the #error: UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION is that with Heimdal, configure should be setting HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG in config.h, but it's not: $ grep HAVE_KRB5_ENCTYPE_TO_STRING include/config.h #define HAVE_KRB5_ENCTYPE_TO_STRING 1 /* #undef HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG */ /* #undef HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG */ C. The root cause of the problem: The conf...

Hello, On Debian 9 (stretch prerelease) I am able to mount with the following command with root using the following command: mount -t cifs //smb.physics.wisc.edu/smb /smb -osec=krb5,multiuser,username=smbadmin at PHYSICS.WISC.EDU --verbose root can also access files as expected However, when cifs-utils 6.6-5 is installed, a different user cannot access as expected: ls /smb ls: cannot

Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop

Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |