similar to: krb5 problem: KRB5CCNAME is ""; possible fix for OpenSSH 3.0.2p1

Here is a patch I just wrote and tested which may be of interest to those who wish to use KerberosGetAFSToken (currently requires Heimdal libkafs) in combination with GSSAPIDelegateCredentials. The patch is in the public domain and comes with no warranty whatsoever. Applies to pristine 3.8p1. Works for me on Solaris and Tru64. I'd probably have used Doug Engert's patch from 2004-01-30 if

The attached patch removes the duplicated credentials cache generation code in auth-krb5.c and gss-serv-krb5.c, by turning it into a procedure which is then called by both sections of code. It's against the latest portable CVS tree. Cheers, Simon. -------------- next part -------------- Index: auth-krb5.c =================================================================== RCS file:

Hi All. I'm looking for some help to merge an outstanding Kerberos credential cache change from OpenBSD into Portable. I don't know enough about Kerberos to figure out how that change should be applied for the non-Heimdal(?) code path. The outstanding diff is attached. Any volunteers? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4

I believe there is a bug in how AIX handles the KRB5CCNAME environment variable. The symptom occurs when a root user restarts sshd while they have KRB5CCNAME set; all of the resulting client connections will inherit the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or some other kerberized method of obtaining root privileges. Investigating this problem, I stumbled

http://bugzilla.mindrot.org/show_bug.cgi?id=372 Summary: [authkrb5] : KRB5CCNAME set to pointer Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: basalt

Would OpenSSH be willing to accept a modification similar to the one below to replace the kafs modification to get an AFS PAG and token? The nice features of this are that it can be compiled in even if OpenAFS is not available. At runtime if the dynamic library is present, it can be loaded and called. A dynamic lib is used so the setpag is in the same process. It has been reported that the

Hello, in the BSD Authentication system the login script can request environment variables to be set/unset. The call to auth_close() in auth-passwd.c does change the current environment, but those changes are lost for the child environment. It would be really useful to add some kind of mechanism to get those changes into the child environment. I've added two possible solutions. Both

http://bugzilla.mindrot.org/show_bug.cgi?id=445 ------- Additional Comments From djm at mindrot.org 2003-05-15 21:39 ------- I am not sure I understand (my Kerberos knowledge isn't so great): We already set this for Krb5 auth: #ifdef KRB5 if (s->authctxt->krb5_ticket_file) child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file);

Hi All, I am using libsmbclient.so (3.0.25b). But I am getting following error when I try to compile my program. Could any one of you please let me know as how should I go about resolving this error ? Thanks and Regards, Avinash g++ -g -O2 -o GenericCrwl crwl_cmdargs.o crwl_main.o crwl_crawl.o ../thirdparty/libs/libdb_cxx-4.3.so

I have found the following patches to be desirable for using sshd on a Tru64 UNIX system with the Kerberos 5 SIA module (libsia_krb5.so) from Heimdal. These patches do the following: 1) preserve context between the password authentication and the session setup phases. This is necessary because the Heimdal SIA module stores Kerberos context information as mechanism-specific data in

Hello, I going to use ssh with Kerberos V5 support along with support for AFS. I don't want to use Kerberos V4 or AFS token passing. The only thing I need from AFS is creating an AFS token (using appropriate function from krb5 API) after user's authentication. It seems to me that such scenario is not much supported by the current code. Rather it is assumed only Kerberos 4 will be used

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

http://bugzilla.mindrot.org/show_bug.cgi?id=757 Summary: KRB5CCNAME inherited from root's environment under AIX Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=751 Summary: KRB5CCNAME set incorrectly in GSSAPI code Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=372 basalt at easynet.fr changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Summary|[authkrb5] : KRB5CCNAME set |[RFE] [authkrb5] : |to pointer |KRB5CCNAME

Hi guys While debugging a GSSAPI memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following: In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls

please test Olaf Kirch's patch. it looks fine to me, but i don't to K5. i'd like to see this in the next release. thx -m -------------- next part -------------- --- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char

Greetings, I'm working on the infrastructure of a medium size client/server environment using an Active Directory running on Windows Server 2003 for central authentication of users on linux clients. Additionally OpenAFS is running using Kerberos authentication through Active Directory as well. Now I want to grant users remote access to their AFS data by logging in into a central OpenSSH

http://bugzilla.mindrot.org/show_bug.cgi?id=372 ------- Additional Comments From simon at sxw.org.uk 2003-05-21 00:45 ------- If this is reproducable, then its a bug somewhere. Could you confirm which Kerberos library and version you've seen this problem with? Are the credentials correctly created in /tmp, and KRB5CCNAME just isn't set right, or are the credentials not being

http://bugzilla.mindrot.org/show_bug.cgi?id=757 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #498 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-12-23 00:44 -------