search for: safstokenpassing

...if -#ifdef AFS +#if defined(AFS) && defined(KRB4) if (options->afs_token_passing == -1) options->afs_token_passing = k_hasafs(); #endif @@ -246,7 +250,7 @@ #if defined(AFS) || defined(KRB5) sKerberosTgtPassing, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) sAFSTokenPassing, #endif sChallengeResponseAuthentication, @@ -297,7 +301,7 @@ #if defined(AFS) || defined(KRB5) { "kerberostgtpassing", sKerberosTgtPassing }, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) { "afstokenpassing", sAFSTokenPassing }, #endif { "passwo...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...uot; IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" diff -urN openssh-2.5.1p2/servconf.c openssh-2.5.1p2-tis/servconf.c --- openssh-2.5.1p2/servconf.c Thu Feb 15 04:08:27 2001 +++ openssh-2.5.1p2-tis/servconf.c Fri Mar 9 11:12:14 2001 @@ -206,6 +209,9 @@ #ifdef AFS sKerberosTgtPassing, sAFSTokenPassing, #endif +#ifdef TIS_AUTH + sAuthservAddress, +#endif sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, @@ -246,6 +252,9 @@ { "kerberostgtpassing", sKerberosTgtPas...

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

...e authentication cannot be first if it is disabled"); + options->challenge_response_authentication_first = 0; + } if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; if (options->permit_user_env == -1) @@ -289,7 +297,7 @@ typedef enum { #ifdef AFS sAFSTokenPassing, #endif - sChallengeResponseAuthentication, + sChallengeResponseAuthentication, sChallengeResponseAuthenticationFirst, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, @@ -34...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...hentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; + options->tis_via_pam = -1; options->permit_empty_passwd = -1; options->use_login = -1; options->allow_tcp_forwarding = -1; @@ -249,7 +250,7 @@ #ifdef AFS sAFSTokenPassing, #endif - sChallengeResponseAuthentication, + sChallengeResponseAuthentication, sTISviaPAM, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, @@ -304,6 +305,7 @@ { "kbdinteractiveauthent...

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of