search for: ssh_gssapi_displayname

On Fri, 2018-03-16 at 19:07 +1030, David Newall wrote: > > There is no reply about this demand since the firt proposition > > has if nobody in dev team cares about it :( > > I'm curious about the first section of the diff, which exports > SSH_GSSAPI_DISPLAYNAME to PAM. Is that useful? Am I right that the > PAM > environment forms no part of the client session? Does PAM not work > for GSS? Yes, the PAM environment is separate from the environment, where the new user session is created. PAM works fine with GSS, but you might have PAM modules,...

Hello There is no reply about this demand since the firt proposition has if nobody in dev team cares about it :( Strange ... Le 14 mars 2018 20:39:53 GMT+01:00, "Johannes L?thberg" <johannes at kyriasis.com> a ?crit : >Quoting Johannes L?thberg (2017-01-06 02:34:43) >> >this change request is already tracked as a bug #2063 [1] (with the >> >related

https://bugzilla.mindrot.org/show_bug.cgi?id=2063 Bug ID: 2063 Summary: RFE: export principal which was used for .k5login Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

How reasonable, acceptable and difficult would it be to "enhance" openssh so authorizations using kerberos (specifically kerberos tickets) consulted the authorized_keys file? And to be a bit more precise... consulted authorized_keys so it could utilize any "options" (eg. from=, command=, environment=, etc) that may be present? I'm willing to make custom changes, but