search for: krb5_free_principal

...bb244 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) } else retval = 0; +#ifdef USE_PAM + if (options.use_pam) + do_pam_putenv("KRB5PRINCIPAL", (char *)client->displayname.value); +#endif + krb5_free_principal(krb_context, princ); return retval; } -- 2.11.0

...sn1.c: No such file or directory. (gdb) bt #0 free_PrincipalName (data=data at entry=0x45) at default/source4/heimdal/lib/asn1/asn1_krb5_asn1.c:961 #1 0x00007fffef9d4639 in free_Principal (data=data at entry=0x45) at default/source4/heimdal/lib/asn1/asn1_krb5_asn1.c:1123 #2 0x00007ffff7991fb1 in krb5_free_principal (context=context at entry=0x0, p=0x45) at ../source4/heimdal/lib/krb5/principal.c:84 #3 0x00007ffff79856c4 in krb5_kt_free_entry (context=0x0, entry=entry at entry=0x7fffffffdb70) at ../source4/heimdal/lib/krb5/keytab.c:709 #4 0x00007ffff3cc08e5 in smb_krb5_kt_free_entry (context=<optimized ou...

Hello, I have a question about SSH with Kerberos password authentication . Do I receive any host ticket to my client machine when I do ssh connection with Kerberos password authenticaiton? If dont, why? If I login to remote machine through telnet with Kerberos Password authentication [through PAM-kerberos], then I can see the tickets with klist. But with the same setup for sshd, I cannot see

...or directory. > (gdb) bt > #0 free_PrincipalName (data=data at entry=0x45) at default/source4/heimdal/lib/asn1/asn1_krb5_asn1.c:961 > #1 0x00007fffef9d4639 in free_Principal (data=data at entry=0x45) at default/source4/heimdal/lib/asn1/asn1_krb5_asn1.c:1123 > #2 0x00007ffff7991fb1 in krb5_free_principal (context=context at entry=0x0, p=0x45) at ../source4/heimdal/lib/krb5/principal.c:84 > #3 0x00007ffff79856c4 in krb5_kt_free_entry (context=0x0, entry=entry at entry=0x7fffffffdb70) at ../source4/heimdal/lib/krb5/keytab.c:709 > #4 0x00007ffff3cc08e5 in smb_krb5_kt_free_entry (context=<op...

...6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) >> } else >> retval = 0; >>+#ifdef USE_PAM >>+ if (options.use_pam) >>+ do_pam_putenv("KRB5PRINCIPAL", (char *)client->displayname.value); >>+#endif >>+ >> krb5_free_principal(krb_context, princ); >> return retval; >> } >Hello, > >this change request is already tracked as a bug #2063 [1] (with the >related configuration option). Having this working in future releases >would be very nice. > >[1] https://bugzilla.mindrot.org/show_bug.c...

...ig 2012-07-12 14:33:31.117551679 +0200 +++ gss-serv-krb5.c 2012-07-12 14:34:30.319020970 +0200 @@ -104,6 +104,11 @@ } else retval = 0; +#ifdef USE_PAM + if (options.use_pam) + do_pam_putenv("GSS_AUTH_KRB5_PRINC", (char *)client->displayname.value); +#endif + krb5_free_principal(krb_context, princ); return retval; } -------------- next part -------------- A non-text attachment was scrubbed... Name: pubkey_fingerprint.patch Type: text/x-diff Size: 361 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141228/a4082cbc/atta...

Hi All, Whe tryin to use: net ads keytab create, I get the following segfault: Program received signal SIGSEGV, Segmentation fault. 0x00007fffef9d3f69 in free_PrincipalName () from /usr/lib/x86_64-linux-gnu/samba/libasn1-samba4.so.8 I am using samba 4.2.10 from Debian. Deb8u3 package Anyone knows how to fix this?

Hi, Since 1 month, I tried without any success to configure Samba. My problem is that winbind crashes when I list users and groups. And I think that it is linked to my trusted domains (wbinfo -domain=myADdomain -u works well). The error is the following : [2006/07/11 14:30:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(757) got principal=machine$@TRUSTEDDOMAIN.COM [2006/07/11

...ternal error [2007/02/12 15:14:27, 0] lib/util.c:log_stack_trace(1706) BACKTRACE: 22 stack frames: #0 /usr/sbin/winbindd(log_stack_trace+0x2d) [0x800c5c5d] #1 /usr/sbin/winbindd(smb_panic+0x5d) [0x800c5d8d] #2 /usr/sbin/winbindd [0x800b1b6a] #3 [0xffffe420] #4 /usr/lib/libkrb5.so.3(krb5_free_principal+0x76) [0xb7edee46] #5 /usr/lib/libkrb5.so.3(krb5_free_cred_contents+0x2d) [0xb7ee015d] #6 /usr/lib/libkrb5.so.3(krb5_free_creds+0x29) [0xb7ee0249] #7 /usr/lib/libkrb5.so.3(krb5_free_tgt_creds+0x2e) [0xb7ee028e] #8 /usr/lib/libkrb5.so.3(krb5_get_credentials+0x1dc) [0xb7edac9c] #9 /usr...

...e(): %.100s", + krb5_get_err_text(krb_context, retval)); + return 0; + } + if (krb5_kuserok(krb_context, princ, name)) { + retval = 1; + logit("Authorized to %s, krb5 principal %s (krb5_kuserok)", + name, (char *)client->displayname.value); + } else + retval = 0; + + krb5_free_principal(krb_context, princ); + return retval; +} + + +/* This writes out any forwarded credentials from the structure populated + * during userauth. Called after we have setuid to the user */ + +static void +ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) +{ + krb5_ccache ccache; + krb5_error_code pr...

First thing - I'd like to say a big "THANK YOU" to the developers. I just upgraded to samba-3.0.23 and I've noticed an alarming issue with respect to my configuration. I've been using the built-in keytab management and it looks like the updated code no longer creates the userPrincipal in Active Directory. Whether this is an issue for others or not, it would be nice to have

...to err; @@ -144,19 +143,16 @@ krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, client); - packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); - packet_put_string((char *) reply.data, reply.length); - packet_send(); - packet_write_wait(); - ret = 1; err: if (server) krb5_free_principal(authctxt->krb5_ctx, server); if (ticket) krb5_free_ticket(authctxt->krb5_ctx, ticket); - if (reply.length) - xfree(reply.data); + if (!ret && reply->length) { + xfree(reply->data); + memset(reply, 0, sizeof(*reply)); + } if (problem) { if (authctxt->krb5_ctx !=...

...internal error [2007/01/31 17:15:06, 0] lib/util.c:smb_panic2(1562) BACKTRACE: 22 stack frames: #0 /usr/sbin/winbindd(smb_panic2+0x8a) [0x800b79ea] #1 /usr/sbin/winbindd(smb_panic+0x19) [0x800b7c49] #2 /usr/sbin/winbindd [0x800a1fa2] #3 [0xffffe420] #4 /usr/lib/libkrb5.so.3(krb5_free_principal+0x63) [0xb7ed0e33] #5 /usr/lib/libkrb5.so.3(krb5_free_cred_contents+0x2d) [0xb7ed215d] #6 /usr/lib/libkrb5.so.3(krb5_free_creds+0x29) [0xb7ed2249] #7 /usr/lib/libkrb5.so.3(krb5_free_tgt_creds+0x2e) [0xb7ed228e] #8 /usr/lib/libkrb5.so.3(krb5_get_credentials+0x1dc) [0xb7eccc9c] #9...

...rc/thirdparty/libs/libsmbclient.so: undefined reference to `krb5_copy_principal@krb5_3_MIT' /lib/libssl.so.6: undefined reference to `krb5_decrypt_tkt_part@krb5_3_MIT' /net/172.17.8.206/usr/local/avinash/p4/iControl/src/subsystems/src/thirdparty/libs/libsmbclient.so: undefined reference to `krb5_free_principal@krb5_3_MIT' /lib/libssl.so.6: undefined reference to `krb5_auth_con_setrcache@krb5_3_MIT' /net/172.17.8.206/usr/local/avinash/p4/iControl/src/subsystems/src/thirdparty/libs/libsmbclient.so: undefined reference to `krb5_cc_get_name@krb5_3_MIT' /lib/libssl.so.6: undefined reference to `kr...

Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

...xt,retval)); return 0; } - if (krb5_kuserok(krb_context, princ, name)) { + + /* Try authorized_keys first */ + by = "authorized_keys"; + retval = user_key_allowed(getpwnam(name), &k); + if (retval < 0) { + debug("ssh_gssapi_krb5_userok: access denied in %s", by); + krb5_free_principal(krb_context, princ); + return 0; + } + if (retval == 0 && krb5_kuserok(krb_context, princ, name)) { + by = "krb5_kuserok"; retval = 1; - log("Authorized to %s, krb5 principal %s (krb5_kuserok)",name, - (char *)gssapi_client_name.value); } - else - retval =...

...name_type); + if ((retval=krb5_parse_name(krb_context, gssapi_client_name.value, &princ))) { log("krb5_parse_name(): %.100s", krb5_get_err_text(krb_context,retval)); return 0; } + + retval2 = user_key_allowed(getpwnam(name), &k); + if (retval2 < 0) { + krb5_free_principal(krb_context, princ); + return 0; + } + if (krb5_kuserok(krb_context, princ, name)) retval = 1; else retval = 0; + if (retval2 > 0) + log("Authorized to %s, krb5 principal %s (authorized_keys2)", name, gssapi_client_name.value); + else if (retval > 0) + log("Auth...