similar to: [Bug 78] New: Support use of named (krb4, krb5, gsi, x.509) keys in auth_keys entries

http://bugzilla.mindrot.org/show_bug.cgi?id=78 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From djm at mindrot.org 2005-04-21 18:57

This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and other principal names in authorized_keys entries. It's a sort of replacement for .klogin and .k5login, but it's much more general than .k*login as it applies to any authentication mechanism where a name is associated with the ssh client and it supports name patterns and all the normal authorized_keys entry options

http://bugzilla.mindrot.org/show_bug.cgi?id=170 Summary: Double free() and heap corruption when krb4 auth fails Product: Portable OpenSSH Version: 3.1p1 Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

Puppet 2.6.14 is a security release in the 2.6.x branch which addresses CVEs 2012-1053 and 2012-1054. All users of Puppet 2.6.x are encouraged to upgrade when possible to Puppet 2.6.14. Other information available at: http://puppetlabs.com/security or visit http://puppetlabs.com/security/cve/cve-2012-1053 and http://puppetlabs.com/security/cve/cve-2012-1053 Detailed feature release notes are

As you know, revoking RSA/DSA keys in an SSH environment requires editing all authorized_keys and authorized_keys2 files that reference those public keys. This is, well, difficult at best but certainly very obnoxious, particularly in a large environment. SSH key management is difficult. This patch simplifies key management wherever GSS-API/Kerberos is used and is general enough to be used with

Connect from Mac OSX 10.4.8 / to Recent Linux .. Sys/Sw Versions in .txt ? Refuses to accept keys in auth_keys .. bad keys "-----BEGIN" ... "-----END" Is this open .. not found in site search ... R/ Everett F Batey II - WA6CRE - http://www.cotdazr.org 800 545-6998 = 805 340-6471 / Office (805) 228-7180

http://bugzilla.mindrot.org/show_bug.cgi?id=573 Summary: Don't include krb4 headers on a krb5 compile Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org

When creating ~/.ssh and ~/.ssh/authorized_keys (in case they are missing), change their ownership to the target user. If not, they are owned by root. --- customize/ssh_key.ml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 7c482e7..d05816c 100644 --- a/customize/ssh_key.ml +++ b/customize/ssh_key.ml @@ -115,20 +115,24

Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates .ssh/authorized_keys as 0600. Thanks: Ryan Sawhill for finding the bug. --- customize/ssh_key.ml | 4 ++-- src/guestfs.pod | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 09664bf..dd6056f 100644 --- a/customize/ssh_key.ml +++

Hi, can you anyone suggest me how can i update .k5login to append new entry or remove existing line when i tried using k5login { ''/root/.k5login'': ensure => present, path => ''/root/.k5login'', principals => ''dhaval@MYREALM.COM'', } it completelty removes all lines form k5login and put

http://bugzilla.mindrot.org/show_bug.cgi?id=324 Summary: privsep break KRB4 auth, KRB4 TGT forwarding and AFS token forwarding Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=324 ------- Additional Comments From jan.iven at cern.ch 2002-06-30 09:19 ------- Created an attachment (id=125) KRB4/KRB5/AFS with privsep ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi, we are currently moving our mailserver to a new server with Dovecot, virtual users in LDAP, Passwords in Kerberos Setup. Everything works fine except for GSSAPI which seems to be a bit buggy. The thing is, that when using a .k5login [1] file it seems that SASL does not get passed the home directory specified userdb. In other words, mails for user1 (see below) are stored in

I am running dovecot 2.1.7 on Debian Squeeze 64 bit, config information at the end of the email. I am working on a Kerberos/GSSAPI based setup that requires cross-realm authentication. I have regular GSSAPI working, I can log in using pam_krb5 with password based logins or with the GSSAPI support when using a kerberos ticket in the default realm. However when I attempt to authenticate using

Hi, I'm suffering from a memory corruption problem when compiling OpenSSH 3.0.2p1 with kth-krb4 1.1 on AIX 4.3.2 and 4.3.3. The symptom is that the file name gets zeroed out during ssh key generation, for example during "make install": Generating public/private rsa1 key pair. open failed: No such file or directory. ^ filename normally goes here When I remove krb4 from the

Dear developers, recently I tried to compile kerberos4 authentization support in openssh-3.5p1 on Redhat 8.0, unfortunately autentization against kerberos server in a kerberos4 realm doesn't work well, probably due to the bug in auth-krb4.c. My colleague David Komanek wrote patch to this file solving the problem, so credits goes to him. I'm sending this here, believing that it can help

An updated version of my patch for Kerberos v5 support is now available from http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch This patch includes updated Kerberos v5 support for protocol version 1, and also adds GSSAPI support for protocol version 2. Unlike the Kerberos v5 code (which will still not interoperate with ssh.com clients and servers), the GSSAPI support is based on

Hi, I configured OpenSSH 3.0.2p1 with ./configure --disable-suid-ssh --with-pam --with-kerberos4=/usr/athena \ --with-afs=/usr/afsws --with-ipaddr-display \ --with-ssl-dir=/afs/bi/v/@sys/libraries/openssl/latest My "latest" OpenSSL is 0.9.6a. KTH krb4 is 1.1. When linking the binaries, the KTH krb4 libdes conflicts with the OpenSSL libdes. It seems to be possible to get around

Hello, Has anyone tried to compile Openssh with KTH-KRB4? I tried using: ./configure --prefix=/usr --sysconfdir=/etc/ssh \ --with-gnome-askpass --with-tcp-wrappers \ --with-ipv4-default \ --with-kerberos4=/usr/athena but it complains that it cannot find krb.h (which is in /usr/athena/include). I didn't find anything in the

http://bugzilla.mindrot.org/show_bug.cgi?id=44 ------- Additional Comments From djm at mindrot.org 2002-05-13 15:39 ------- Have you filed a bug in the glibc bug tracking system? BTW, how did you compile with krb4 on Redhat 7.2 without running over libdes conflicts? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.