Displaying 12 results from an estimated 12 matches for "ssh_gssapi_krb5_storecreds".
2009 May 23
2
Memory leak caused by forwarded GSSAPI credential store
...penSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following:
In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls ssh_gssapi_krb5_storecreds(). ssh_gssapi_krb5_storecreds() makes some memory allocations in order to save the credentials store for the gssapi client.
+167 client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
+168 client->store.envvar = "KRB5CCNAME";
+169...
2009 May 23
7
[Bug 1601] New: Memory leak caused by forwarded GSSAPI credential store
...OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI
credentials resulting in a growing process segment for each connection
that uses GSSAPI credentials forwarding. What happens is the following:
In the privileged parent, we are calling ssh_gssapi_storecreds() which
itself calls ssh_gssapi_krb5_storecreds(). ssh_gssapi_krb5_storecreds()
makes some memory allocations in order to save the credentials store
for the gssapi client.
+167 client->store.filename =
xstrdup(krb5_cc_get_name(krb_context, ccache));
+168 client->store.envvar = "KRB5CCNAME";
+169...
2006 Mar 01
3
[Bug 1166] openssh-4.3p1 has some issues compiling
...Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: bitbucket at mindrot.org
ReportedBy: gentoo.riverrat at gmail.com
While attempting to correct some compile warnings I noticed this:
gss-serv-krb5.c: In function `ssh_gssapi_krb5_storecreds':
gss-serv-krb5.c:156: warning: implicit declaration of function
`gss_krb5_copy_ccache'
This is actually a simple typo that was a bear to track down but should get
corrected immediately as it is potentially problematic on amd64.
I originally reported this to Gentoo and submitted a patch:...
2007 Apr 30
1
GSSAPIDelegateCredentials fails with a segfault
Hi,
I'm trying to use the GSSAPIDelegateCredentials function to forward my
kerberos 5 tickets.
Authentication with GSSAPI/Kerberos 5 works fine, I can log in to the
server when I have valid tickets on my client.
But when I turn on GSSAPIDelegateCredentials I get "Connection reset by
peer" at the client side.
At the server side, I have been able to see that the user process gets a
2003 Oct 30
3
[Bug 751] KRB5CCNAME set incorrectly in GSSAPI code
...rsion: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: smichaud at pobox.com
This is something we missed when going over the GSSAPI code this August.
The code in ssh_gssapi_krb5_storecreds() in gss-serv-krb5.c doesn't set the
KRB5CCNAME environment variable correctly. At present it includes only the
cache's "name". But it should actually include both it's "type" and it's
"name", separated by a colon ':' -- e.g. "FILE:/tmp/k...
2003 Aug 22
1
GSSAPI patch sync from OpenBSD to Portable
Hi All.
Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh.
There are patches. The first [1] is a straightforward port of the
OpenBSD code to Portable.
The second [2] contains the parts I've stolen from Simon Wilkinson's
portable GSSAPI patch in an attempt to make it build. It is incomplete
and doesn't currently work.
The PAM support is not there and
2005 May 12
2
Problems with PAM environments in ssh
I?ve stumbled across a rather obscure problem with ssh. My machine is
setup to use Kerberos authentication, i.e., I use the pam_krb5 module in
the ssh auth section of the PAM configuration file and I have sshd
compiled to accept valid Kerberos 5 tickets as well. I also use OpenAFS,
so I?ve got the pam_openafs_session module in the ssh session section of
the PAM configuration file.
Everything
2007 Jan 17
3
[Bug 1276] Link stage fails when gssapi exists
...auth2-gss.o gss-serv.o
gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o
md5crypt.o audit.o audit-bsm.o platform.o -L. -Lopenbsd-compat/
-L/usr/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz
-lnsl -lcrypt -lgssapi -lkrb5 -lk5crypto -lcom_err
gss-serv-krb5.o: In function `ssh_gssapi_krb5_storecreds':
/usr/src/packages/BUILD/openssh-4.5p1/gss-serv-krb5.c:164: undefined
reference to `gss_krb5_copy_ccache'
collect2: ld returned 1 exit status
make: *** [sshd] Error 1
This missing function is defined in libgssapi_krb5. I think the problem
behind this is that gss_init_sec_context, which...
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2004 Aug 12
14
Pending OpenSSH release, call for testing.
Hi All.
OpenSSH is getting ready for a release soon, so we are asking for all
interested parties to test a snapshot.
Changes include:
* sshd will now re-exec itself for each new connection (the "-e" option
is required when running sshd in debug mode).
* PAM password authentication has been (re)added.
* Interface improvements to sftp(1)
* Many bug fixes and improvements, for
2003 Aug 10
9
updated gssapi diff
...+ name, (char *)client->displayname.value);
+ } else
+ retval = 0;
+
+ krb5_free_principal(krb_context, princ);
+ return retval;
+}
+
+
+/* This writes out any forwarded credentials from the structure populated
+ * during userauth. Called after we have setuid to the user */
+
+static void
+ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+{
+ krb5_ccache ccache;
+ krb5_error_code problem;
+ krb5_principal princ;
+ OM_uint32 maj_status, min_status;
+
+ if (client->creds == NULL) {
+ debug("No credentials stored");
+ return;
+ }
+
+ if (ssh_gssapi_krb5_init() == 0)
+ return;
+
+ if ((problem...
2014 Jan 17
15
Call for testing: OpenSSH-6.5
Hi,
OpenSSH 6.5 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is