Displaying 20 results from an estimated 600 matches similar to: "krb5 problem: KRB5CCNAME is ""; possible fix for OpenSSH 3.0.2p1"
2004 Feb 27
1
[PATCH] Getting AFS tokens from a GSSAPI-delegated TGT
Here is a patch I just wrote and tested which may be of interest to
those who wish to use KerberosGetAFSToken (currently requires Heimdal
libkafs) in combination with GSSAPIDelegateCredentials. The patch is
in the public domain and comes with no warranty whatsoever. Applies
to pristine 3.8p1. Works for me on Solaris and Tru64.
I'd probably have used Doug Engert's patch from 2004-01-30 if
2005 Jul 06
0
[PATCH] Simplify Kerberos credentials cache code
The attached patch removes the duplicated credentials cache generation
code in auth-krb5.c and gss-serv-krb5.c, by turning it into a procedure
which is then called by both sections of code.
It's against the latest portable CVS tree.
Cheers,
Simon.
-------------- next part --------------
Index: auth-krb5.c
===================================================================
RCS file:
2003 Aug 08
1
Help request: merging OpenBSD Kerberos change into Portable.
Hi All.
I'm looking for some help to merge an outstanding Kerberos
credential cache change from OpenBSD into Portable. I don't know enough
about Kerberos to figure out how that change should be applied for the
non-Heimdal(?) code path.
The outstanding diff is attached.
Any volunteers?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4
2003 Nov 11
1
AIX KRB5CCNAME problem
I believe there is a bug in how AIX handles the KRB5CCNAME environment
variable. The symptom occurs when a root user restarts sshd while they
have KRB5CCNAME set; all of the resulting client connections will inherit
the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or
some other kerberized method of obtaining root privileges.
Investigating this problem, I stumbled
2002 Jul 28
0
[Bug 372] New: [authkrb5] : KRB5CCNAME set to pointer
http://bugzilla.mindrot.org/show_bug.cgi?id=372
Summary: [authkrb5] : KRB5CCNAME set to pointer
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: basalt
2004 Feb 27
2
OPenAFS and OpenSSH replacing kafs
Would OpenSSH be willing to accept a modification similar to the one
below to replace the kafs modification to get an AFS PAG and token?
The nice features of this are that it can be compiled in
even if OpenAFS is not available. At runtime if the
dynamic library is present, it can be loaded and called.
A dynamic lib is used so the setpag is in the same process.
It has been reported that the
2006 Sep 18
1
BSD Auth: set child environment variables requested by login script [PATCH]
Hello,
in the BSD Authentication system the login script can request environment
variables to be set/unset. The call to auth_close() in auth-passwd.c does
change the current environment, but those changes are lost for the child
environment.
It would be really useful to add some kind of mechanism to get
those changes into the child environment. I've added two possible
solutions. Both
2003 May 15
1
[Bug 445] User DCE Credentials do not get forwarded to child session
http://bugzilla.mindrot.org/show_bug.cgi?id=445
------- Additional Comments From djm at mindrot.org 2003-05-15 21:39 -------
I am not sure I understand (my Kerberos knowledge isn't so great):
We already set this for Krb5 auth:
#ifdef KRB5
if (s->authctxt->krb5_ticket_file)
child_set_env(&env, &envsize, "KRB5CCNAME",
s->authctxt->krb5_ticket_file);
2007 Sep 13
0
Compilation error when linking libsmbclient.so :-(
Hi All,
I am using libsmbclient.so (3.0.25b).
But I am getting following error when I try to compile my program.
Could any one of you please let me know as how should I go about resolving
this error ?
Thanks and Regards,
Avinash
g++ -g -O2 -o GenericCrwl crwl_cmdargs.o crwl_main.o crwl_crawl.o
../thirdparty/libs/libdb_cxx-4.3.so
2003 Sep 24
1
Patches for compatibility with Heimdal's libsia_krb5 SIA module
I have found the following patches to be desirable for using sshd on a
Tru64 UNIX system with the Kerberos 5 SIA module (libsia_krb5.so) from
Heimdal.
These patches do the following:
1) preserve context between the password authentication and the session
setup phases. This is necessary because the Heimdal SIA module stores
Kerberos context information as mechanism-specific data in
2002 Jan 23
1
Fix AFS and Kerberos interaction
Hello,
I going to use ssh with Kerberos V5 support along with support for AFS. I
don't want to use Kerberos V4 or AFS token passing. The only thing I need
from AFS is creating an AFS token (using appropriate function from krb5 API)
after user's authentication. It seems to me that such scenario is not much
supported by the current code. Rather it is assumed only Kerberos 4 will be
used
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2003 Nov 12
2
[Bug 757] KRB5CCNAME inherited from root's environment under AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=757
Summary: KRB5CCNAME inherited from root's environment under AIX
Product: Portable OpenSSH
Version: -current
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2003 Oct 30
3
[Bug 751] KRB5CCNAME set incorrectly in GSSAPI code
http://bugzilla.mindrot.org/show_bug.cgi?id=751
Summary: KRB5CCNAME set incorrectly in GSSAPI code
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: openssh-bugs at mindrot.org
2002 Jul 30
0
[Bug 372] [RFE] [authkrb5] : KRB5CCNAME set to pointer
http://bugzilla.mindrot.org/show_bug.cgi?id=372
basalt at easynet.fr changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
Summary|[authkrb5] : KRB5CCNAME set |[RFE] [authkrb5] :
|to pointer |KRB5CCNAME
2009 May 23
2
Memory leak caused by forwarded GSSAPI credential store
Hi guys
While debugging a GSSAPI memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following:
In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls
2002 Jul 31
2
privsep+kerb5+ssh1
please test Olaf Kirch's patch. it looks fine to me, but i don't to K5.
i'd like to see this in the next release. thx
-m
-------------- next part --------------
--- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002
+++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002
@@ -73,18 +73,17 @@
* from the ticket
*/
int
-auth_krb5(Authctxt *authctxt, krb5_data *auth, char
2005 Nov 27
3
OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found
Greetings,
I'm working on the infrastructure of a medium size client/server
environment using an Active Directory running on Windows Server 2003 for
central authentication of users on linux clients.
Additionally OpenAFS is running using Kerberos authentication through
Active Directory as well.
Now I want to grant users remote access to their AFS data by logging in
into a central OpenSSH
2003 May 20
0
[Bug 372] [RFE] [authkrb5] : KRB5CCNAME set to pointer
http://bugzilla.mindrot.org/show_bug.cgi?id=372
------- Additional Comments From simon at sxw.org.uk 2003-05-21 00:45 -------
If this is reproducable, then its a bug somewhere.
Could you confirm which Kerberos library and version you've seen this problem
with?
Are the credentials correctly created in /tmp, and KRB5CCNAME just isn't set
right, or are the credentials not being
2003 Dec 23
5
[Bug 757] KRB5CCNAME inherited from root's environment under AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=757
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #498 is|0 |1
obsolete| |
------- Additional Comments From dtucker at zip.com.au 2003-12-23 00:44 -------