similar to: [Bug 1073] if userok rejects a user their creds still get set

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

How reasonable, acceptable and difficult would it be to "enhance" openssh so authorizations using kerberos (specifically kerberos tickets) consulted the authorized_keys file? And to be a bit more precise... consulted authorized_keys so it could utilize any "options" (eg. from=, command=, environment=, etc) that may be present? I'm willing to make custom changes, but

(I hope this message is appropriate for these lists. If not, please tell me and I won't do it again.) Hi All. There will be a new release of OpenSSH in a couple of weeks. This release contains Kerberos and GSSAPI related changes that we would like to get some feedback about (and hopefully address any issues with) before the release. I encourage anyone with an interest in

Dear all, I have a data similar to this: myframe<- data.frame (ID=c("Ernie", "Ernie","Ernie","Ernie"), Timestamp=c("24.09.2012 08:00", "24.09.2012 09:00", "24.09.2012 10:00", "25.09.2012 10:00"), Longitude=c("8.481","8.482","8.483","8.481"),

This may be sorta off topic considering this is probably regarding the linux kernel but I am hoping someone here will have the answer anyway. I am having the strangest problem when mounting a samba share with "-t cifs" as opposed to "-t smbfs" where, instead of mounting as the user I am logged in as, it is mounted as if I were logged on as a completely different user. For

I filed this as bug 4150 http://rsync.samba.org/cgi-bin/rsync/ We had a few hundred hung processes and reached the limit for "max user processes" (see the ulimit command). rsync did not handle this very well. It passed -1 as a PID to kill(). When kill() gets -1, it kills all of the processes owned by that user, or if run by root, all processes. I attached a one line fix. Let me

Thank you for providing the example code... for the request of running it multiple times it would have helped if you could have confirmed that the example ran through without errors... there were a lot of mistakes in it. Look into using the reprex package to check your example next time. I don't do this kind of analysis... I really don't know what to expect from the functions. The

Hi, I used Samba 4.0.5 in Wheezy. Here is that I have done: --------------------------------------------------------------- samba-tool domain provision --realm=CHEZMOI.PRIV --domain=CHEZMOI \ --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass='+toto123' echo "nameserver 192.168.0.21" > /etc/resolv.conf samba ln -s /usr/local/samba/lib/libnss_winbind.so

[answers inline] On 18 August 2017 at 20:08, Dagmar <Ramgad82 at gmx.net> wrote: > > myframe<- data.frame (ID=c("Ernie", "Ernie","Ernie","Ernie"), > Timestamp=c("24.09.2012 08:00", "24.09.2012 09:00", "24.09.2012 10:00", > "25.09.2012 10:00"),

Hello, Summary: a Linux server joined to domain GODMZ (which trusts another domain GOCORP), without network access to GOCORP domain controllers can authenticate but not retrieve user information (id) even though wbinfo -n can resolve a name to SID. Long: We have two domains, both at server 2003 functional level. GOCORP contains users and intranet servers. GODMZ contains servers in the DMZ (web

I note with interest that Kerberos support is now available (for the version 1 protocol, at least) in OpenSSH 2.9.9p2. However, it does not build with MIT Kerberos, due to the usual Heimdal/MIT library differences. These look, by and large, like the same problems I encountered when porting Dan Kouril's patch to MIT Kerberos - so I'm having a go at fixing them (my GSSAPI patches need

http://bugzilla.mindrot.org/show_bug.cgi?id=1218 Summary: GSSAPI client code permits SPNEGO usage Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket at mindrot.org ReportedBy:

Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide

Portable OpenSSH 2.9p2 has just been uploaded and shall be making its way to the mirrors listed at http://www.openssh.com/portable.html shortly. This release fixes the "cookies" file deletion problem reported on BUGTRAQ as well as a few other minor (non-security) bugs. No new features have been added in this release. Regards, Damien Miller -- | Damien Miller <djm at

Portable OpenSSH 2.9p2 has just been uploaded and shall be making its way to the mirrors listed at http://www.openssh.com/portable.html shortly. This release fixes the "cookies" file deletion problem reported on BUGTRAQ as well as a few other minor (non-security) bugs. No new features have been added in this release. Regards, Damien Miller -- | Damien Miller <djm at

https://bugzilla.mindrot.org/show_bug.cgi?id=1276 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #1233| |ok+ Flag| |

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #5 from simon at sxw.org.uk 2006-08-19 08:28 ------- There isn't an easy fix for this, at

Are there any patches to enable Krb5 for OpenSSH? I'm trying to get a proof of concept done so I can eventually roll Krb5 and OpenSSH out as our primary AA infrastructure and I'm having a hard time of it. Can someone point me to info to help? -- Austin Gonyou Systems Architect Coremetrics, Inc. Phone: 512-796-9023 email: austin at coremetrics.com

https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at