search for: krb5_princip

...), ssh calls if ((ctx->major = gss_export_name(&ctx->minor, ctx->client, &ename))) { ssh_gssapi_error(ctx); return (ctx->major); } Here ctx->client is passed in but gss_export_name assumes that the input name is a krb5_principal. Not surprisingly, the datatype mismatch causes the call to fail. Could have caused it to crash, I suppose - that would have been a much clearer indication of what the trouble was. I did manage to hack the thing to work - I first hacked libgssapi.so to include a new function: OM_uint32 KRB...

...39;\" I get the following error trying to compile libads/kerberos_verify.c "libads/kerberos_verify.c", line 77: improper member use: keyblock The relevant code below looks okay to me static krb5_error_code create_keytab(krb5_context context, krb5_principal host_princ, char *host_princ_s, krb5_data password, krb5_enctype *enctypes, krb5_keytab *keytab, char *keytab_na...

First thing - I'd like to say a big "THANK YOU" to the developers. I just upgraded to samba-3.0.23 and I've noticed an alarming issue with respect to my configuration. I've been using the built-in keytab management and it looks like the updated code no longer creates the userPrincipal in Active Directory. Whether this is an issue for others or not, it would be nice to have

...=============================================================== RCS file: /cvs/openssh/auth-krb5.c,v retrieving revision 1.25 diff -u -r1.25 auth-krb5.c --- auth-krb5.c 11 Sep 2004 13:32:09 -0000 1.25 +++ auth-krb5.c 6 Jul 2005 10:31:51 -0000 @@ -67,9 +67,6 @@ #ifndef HEIMDAL krb5_creds creds; krb5_principal server; - char ccname[40]; - int tmpfd; - mode_t old_umask; #endif krb5_error_code problem; krb5_ccache ccache = NULL; @@ -146,28 +143,7 @@ goto out; } - snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); - - old_umask = umask(0177); - tmpfd = mkstemp(cc...

Attached is a patch to make sshd work on OSX when using plain ol' Kerberos authentication as opposed to opendirectory authentication. Cheers, Nick -------------------------------------------------------------------------- NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the

.../* Senthil test program for Kerberos */ /* To compile cc -o check_valid Test_krb5.c -lkrb5 */ /* To run ./check_valid <username> <kerberos passwd> */ #include <stdio.h> #include <krb5.h> int main(int argc,char **argv) { krb5_error_code problem; krb5_context context=NULL; krb5_principal client = NULL; krb5_creds creds; char *str=argv[1]; char *mypassword=NULL; if (context == NULL) { problem = krb5_init_context(&context); if(problem) { printf("\nproblem in initialization and krb5_init_context fails\n"); exit(0); }...

...n 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) +auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply) { krb5_error_code problem; krb5_principal server; - krb5_data reply; krb5_ticket *ticket; int fd, ret; ret = 0; server = NULL; ticket = NULL; - reply.length = 0; + reply->length = 0; problem = krb5_init(authctxt); if (problem) @@ -131,7 +130,7 @@ /* if client wants mutual auth */ problem = krb5_mk_rep(authctxt-...

...th-krb5.c Wed, 21 Nov 2001 10:38:46 -0500 +++ 3_0_2p1_w_named_keys.1(w)/auth-krb5.c Thu, 24 Jan 2002 10:52:24 -0500 @@ -19,6 +19,7 @@ #include <krb5.h> extern ServerOptions options; +int user_key_allowed(struct passwd *, Key *); static int krb5_init(void *context) @@ -52,6 +53,8 @@ krb5_principal server; krb5_data reply; krb5_ticket *ticket; + Key k; + char *client_name; int fd, ret; ret = 0; @@ -95,14 +98,30 @@ if (problem) goto err; + if (!krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, + &client_name)) + goto err; + /* Check .k5login authoriz...

Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide

...================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h 10 Aug 2003 14:06:43 -0000 1.1.1.2 +++ auth.h 10 Aug 2003 14:25:01 -0000 1.3 @@ -67,6 +67,7 @@ krb5_principal krb5_user; char *krb5_ticket_file; #endif + void *methoddata; }; /* * Every authentication method has to handle authentication requests for Index: auth2-gss.c =================================================================== RCS file: auth2-gss.c diff -N auth2-gss.c --- /dev/null 1 Ja...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

...--- 2_9_p2_w_gss_and_krb5.1/gss-serv.c Tue, 26 Jun 2001 16:27:13 -0400 willian (OpenSSH/l/25_gss-serv.c 1.1 644) +++ 2_9_p2_w_gss_krb5_named_keys.6/gss-serv.c Thu, 05 Jul 2001 18:25:48 -0400 willian (OpenSSH/l/25_gss-serv.c 1.5 644) @@ -127,24 +127,45 @@ int ssh_gssapi_krb5_userok(char *name) { krb5_principal princ; - int retval; + int retval, retval2; + Key k; if (ssh_gssapi_krb5_init() == 0) return 0; + k.type = KEY_NAME; + k.name = gssapi_client_name.value; + k.name_len = strlen(gssapi_client_name.value); + k.name_type = "krb5"; + + debug3("ssh_gssapi_krb5_userok:");...