similar to: [Bug 1312] Add short command-line option -K for activating GSSAPIDelegateCredentials

http://bugzilla.mindrot.org/show_bug.cgi?id=944 mmokrejs at ribosome.natur.cuni.cz changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Comment #3 from mmokrejs at ribosome.natur.cuni.cz

Hi, I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at: http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and the MIT Krb5 package from ports intstalled). I patched the src tree, reconfigured, recompiled, installed, and it works - except for Krb5 passwords or Krb5 tickets. And I really

http://bugzilla.mindrot.org/show_bug.cgi?id=944 Summary: ssh_config missing default configuration values for GSSAPI Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: openssh-bugs at

Checking up on this change: On Wed, 29 Mar 2023 at 19:38, Ed Maste <emaste at freefall.freebsd.org> wrote: > > From: Ed Maste <emaste at FreeBSD.org> > > By convention settings in ssh_config are shown with a commented out > default. > > Fixes: 6cb52d5bf771 ("upstream: make CheckHostIP default to 'no'...") > --- > ssh_config | 2 +- > 1

I note with interest that Kerberos support is now available (for the version 1 protocol, at least) in OpenSSH 2.9.9p2. However, it does not build with MIT Kerberos, due to the usual Heimdal/MIT library differences. These look, by and large, like the same problems I encountered when porting Dan Kouril's patch to MIT Kerberos - so I'm having a go at fixing them (my GSSAPI patches need

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

Hi, I'm trying to use the GSSAPIDelegateCredentials function to forward my kerberos 5 tickets. Authentication with GSSAPI/Kerberos 5 works fine, I can log in to the server when I have valid tickets on my client. But when I turn on GSSAPIDelegateCredentials I get "Connection reset by peer" at the client side. At the server side, I have been able to see that the user process gets a

https://bugzilla.mindrot.org/show_bug.cgi?id=1276 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #1233| |ok+ Flag| |

https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at

Hi all, I'm really struggling with getting Kerberos authentication to work between a FreeBSD host and a Linux host. I'm using the latest 6- STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens (verified with "klist -f") and Kerberos and ssh are working fine in all other ways, but I can't get the Linux box to accept the Kerberos ticket as

https://bugzilla.mindrot.org/show_bug.cgi?id=1620 Summary: GSSAPIDelegateCredentials fails silently when given non-forwardable tickets Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support

I've been trying to get Kerberos to work for the last couple of days so that we can use SSO. I can't seem to get past a roadblock and Google doesn't seem to provide any answers. I've got Samba connected to the AD and running. I can wbinfo everything and can login to the machine using PAM with the pam_winbind modules just fine. I can get user tickets just fine. When I try to get ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=928 --- Comment #9 from Darren Tucker <dtucker at zip.com.au> 2010-01-11 17:11:06 EST --- Created an attachment (id=1775) --> (https://bugzilla.mindrot.org/attachment.cgi?id=1775) sshd-gssapi-multihomed.patch I updated patch #1182 to OpenBSD current and fixed a few minor whitespace things. I also removed this warning from the man page:

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

https://bugzilla.mindrot.org/show_bug.cgi?id=2643 Bug ID: 2643 Summary: Can not ssh with tr_TR.UTF-8 locale (Bad configuration options) Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: ssh

I'm trying to get openssh to work with SEAM(Solaris Enterprise Authentication Mechanism) on Solaris 9. I have a few questions. Any help would be appreciated. I am working with openssh 3.8. 1. First of all, does anyone know if it is possible to get openssh working with SEAM? 2. Which options do i need to use when compiling openssh? Do i need to use --with-kerberos5=kerbpath or --with-pam

Portable OpenSSH 2.9p2 has just been uploaded and shall be making its way to the mirrors listed at http://www.openssh.com/portable.html shortly. This release fixes the "cookies" file deletion problem reported on BUGTRAQ as well as a few other minor (non-security) bugs. No new features have been added in this release. Regards, Damien Miller -- | Damien Miller <djm at

Portable OpenSSH 2.9p2 has just been uploaded and shall be making its way to the mirrors listed at http://www.openssh.com/portable.html shortly. This release fixes the "cookies" file deletion problem reported on BUGTRAQ as well as a few other minor (non-security) bugs. No new features have been added in this release. Regards, Damien Miller -- | Damien Miller <djm at

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

Hi, Just wondering if anyone was looking at implementing draft-ietf-secsh-gsskeyex-00 in OpenSSH? My patches for SSH version 1 Kerberos 5 support (heavily based upon work done by Dan Kouril) are now available from http://www.sxw.org.uk/computing/patches/ Is there any interest in integrating these into the distribution? If so, I'd be happy to update them to the development version. Cheers,