Displaying 9 results from an estimated 9 matches for "krb5_get_err_text".
2003 Aug 10
9
updated gssapi diff
...pi_krb5_userok(ssh_gssapi_client *client, char *name)
+{
+ krb5_principal princ;
+ int retval;
+
+ if (ssh_gssapi_krb5_init() == 0)
+ return 0;
+
+ if ((retval = krb5_parse_name(krb_context, client->exportedname.value,
+ &princ))) {
+ logit("krb5_parse_name(): %.100s",
+ krb5_get_err_text(krb_context, retval));
+ return 0;
+ }
+ if (krb5_kuserok(krb_context, princ, name)) {
+ retval = 1;
+ logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
+ name, (char *)client->displayname.value);
+ } else
+ retval = 0;
+
+ krb5_free_principal(krb_context, princ);
+...
2005 Jul 06
0
[PATCH] Simplify Kerberos credentials cache code
...hmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
- logit("fchmod(): %.100s", strerror(errno));
- close(tmpfd);
- problem = errno;
- return;
- }
- close(tmpfd);
- if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
- logit("krb5_cc_resolve(): %.100s",
- krb5_get_err_text(krb_context, problem));
- return;
- }
+ if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
+ logit("ssh_krb5_cc_gen(): %.100s",
+ krb5_get_err_text(krb_context, problem));
+ return;
}
#endif /* #ifdef HEIMDAL */
2003 Apr 23
2
Kerberized Telnet Badly Broken (Patch enclosed)
Ugh.
With MAKE_KERBEROS5=yes, on a recent STABLE,
I get the following trying to use Kerberized telnet:
# telnet -l test big.x.kientzle.com
Trying 66.166.149.54...
Connected to big.x.kientzle.com.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/big.x.kientzle.com@X.KIENTZLE.COM)... ]
Bus error (core dumped)
Fortunately, it's pretty easy to track down:
(gdb) up
#2
2003 Aug 08
1
Help request: merging OpenBSD Kerberos change into Portable.
...*)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
out:
restore_uid();
if (problem) {
+ if (ccache)
+ krb5_cc_destroy(authctxt->krb5_ctx, ccache);
+
if (authctxt->krb5_ctx != NULL)
debug("Kerberos password authentication failed: %s",
krb5_get_err_text(authctxt->krb5_ctx, problem));
2007 Mar 27
3
Building problem on FreeBSD with GSSAPI
...ference to `krb5_cc_copy_cache'
/usr/lib/libasn1.so: undefined reference to `init_error_table'
/usr/lib/libgssapi.so: undefined reference to `krb5_auth_con_setkey'
/usr/lib/libgssapi.so: undefined reference to `krb5_get_forwarded_creds'
/usr/lib/libgssapi.so: undefined reference to `krb5_get_err_text'
/usr/lib/libgssapi.so: undefined reference to `krb5_ret_int32'
/usr/lib/libgssapi.so: undefined reference to `krb5_h_addr2sockaddr'
/usr/lib/libgssapi.so: undefined reference to `krb5_build_authenticator'
/usr/lib/libgssapi.so: undefined reference to `krb5_build_ap_req'
/usr/li...
2001 Jun 28
1
Adding 'name' key types
Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I
noticed that there is a bit of functionality missing from
OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using
GSS authentication.
Yes, ~/.k5login can be used to grant access to an account for
applications that support Kerberos, as does OpenSSH with those GSS
patches, but .k5login does not and cannot provide
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
...k;
if (ssh_gssapi_krb5_init() == 0)
return 0;
-
+
+ k.type = KEY_NAME;
+ k.name = gssapi_client_name.value;
+ k.name_type = "krb5";
+
if ((retval=krb5_parse_name(krb_context, gssapi_client_name.value,
&princ))) {
log("krb5_parse_name(): %.100s",
krb5_get_err_text(krb_context,retval));
return 0;
}
- if (krb5_kuserok(krb_context, princ, name)) {
+
+ /* Try authorized_keys first */
+ by = "authorized_keys";
+ retval = user_key_allowed(getpwnam(name), &k);
+ if (retval < 0) {
+ debug("ssh_gssapi_krb5_userok: access denied in %s"...
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
...lue);
+ k.name_type = "krb5";
+
+ debug3("ssh_gssapi_krb5_userok:");
+ debug3("ssh_gssapi_krb5_userok: %s", k.name_type);
+
if ((retval=krb5_parse_name(krb_context, gssapi_client_name.value,
&princ))) {
log("krb5_parse_name(): %.100s",
krb5_get_err_text(krb_context,retval));
return 0;
}
+
+ retval2 = user_key_allowed(getpwnam(name), &k);
+ if (retval2 < 0) {
+ krb5_free_principal(krb_context, princ);
+ return 0;
+ }
+
if (krb5_kuserok(krb_context, princ, name))
retval = 1;
else
retval = 0;
+ if (retval2 > 0)
+ log(&q...