search for: krb5_fwd_ccache

...@@ -199,6 +199,25 @@ return (1); } +/* + * Mainly useful with GSSAPI Kerberos 5 forwarded credentials. + * Called after we have setuid to the user. + */ +void +session_krb5_use_ccache(Authctxt *authctxt) +{ + char *ccname; + debug("session_krb5_use_ccache called"); + if (authctxt->krb5_fwd_ccache) + return; + ccname = getenv("KRB5CCNAME"); + if (!ccname) + return; + debug("using ccname=%.100s", ccname); + if (krb5_init(authctxt)) + return; + krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache);} + void krb5_cleanup_proc(Authctxt *authctx...

...word) { krb5_error_code problem; + krb5_ccache ccache = NULL; if (authctxt->pw == NULL) return (0); @@ -223,30 +224,46 @@ auth_krb5_password(Authctxt *authctxt, c if (problem) goto out; - problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, - &authctxt->krb5_fwd_ccache); + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); if (problem) goto out; - problem = krb5_cc_initialize(authctxt->krb5_ctx, - authctxt->krb5_fwd_ccache, authctxt->krb5_user); + problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache, + au...

...sTgtPassing no I'm using MIT Kerberos. As far as I can tell (after scanning the code for a few hours and I'm not a programmer) the problem is in auth_krb5_password. 244 problem = krb5_cc_resolve(authctxt->krb5_ctx, "MEMORY:", 245 &authctxt->krb5_fwd_ccache); the name "MEMORY:" seems to cause krb5_cc_get_name at 287 authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt-> krb5_ctx, authctxt->krb5_fwd_ccache); to return "" rather than NULL, so that sesssion.c sets KRB5CCNAME in the shell enviro...

...rrno)); - problem = errno; - goto out; - } - - if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { - logit("fchmod(): %.100s", strerror(errno)); - close(tmpfd); - problem = errno; - goto out; - } - close(tmpfd); - - problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache); - if (problem) - goto out; + problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache); problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, authctxt->krb5_user); @@ -234,4 +210,31 @@ } } +#ifndef HEIMDAL +krb5_error_co...

..._token)(NULL, env, pw->pw_dir, 1); + } + dlclose(handle); + } + } +#else + #if defined(KRB5) && defined(USE_AFS) /* * At this point, we check to see if AFS is active and if we have @@ -1477,6 +1503,7 @@ krb5_afslog_home(s->authctxt->krb5_ctx, s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir); } +#endif #endif /* Change current directory to the user\'s home directory. */

...7 @@ xfree(token); } break; -#endif /* AFS */ +#endif /* AFS && KRB4 */ case SSH_CMSG_EXEC_SHELL: case SSH_CMSG_EXEC_CMD: @@ -1370,6 +1370,10 @@ krb_afslog(cell, 0); krb_afslog(0, 0); +#ifdef KRB5 + krb5_afslog(s->authctxt->krb5_ctx, s->authctxt->krb5_fwd_ccache, + NULL, NULL); +#endif } #endif /* AFS */ --- ssh.c 2002/01/23 12:28:10 1.1 +++ ssh.c 2002/01/23 12:30:58 @@ -159,9 +159,9 @@ _PATH_SSH_USER_CONFFILE); fprintf(stderr, " -A Enable authentication agent forwarding.\n"); fprintf(stderr, " -a...