Displaying 20 results from an estimated 200 matches similar to: "[PATCH] Getting AFS tokens from a GSSAPI-delegated TGT"
2005 Jul 06
0
[PATCH] Simplify Kerberos credentials cache code
The attached patch removes the duplicated credentials cache generation
code in auth-krb5.c and gss-serv-krb5.c, by turning it into a procedure
which is then called by both sections of code.
It's against the latest portable CVS tree.
Cheers,
Simon.
-------------- next part --------------
Index: auth-krb5.c
===================================================================
RCS file:
2002 Mar 09
0
krb5 problem: KRB5CCNAME is ""; possible fix for OpenSSH 3.0.2p1
I'm using a OpenSSH 3.0.2p1 with the krb5 patch from
<http://www.sxw.org.uk/computing/patches/openssh.html>.
I'm getting KRB5CCNAME set to "" even though
<http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98269278629018&w=2>
mentions fixing it. This causes things like kinit to
fail with a somewhat uninformative error message.
The relevant sshd_config lines
2003 Aug 08
1
Help request: merging OpenBSD Kerberos change into Portable.
Hi All.
I'm looking for some help to merge an outstanding Kerberos
credential cache change from OpenBSD into Portable. I don't know enough
about Kerberos to figure out how that change should be applied for the
non-Heimdal(?) code path.
The outstanding diff is attached.
Any volunteers?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4
2004 Feb 27
2
OPenAFS and OpenSSH replacing kafs
Would OpenSSH be willing to accept a modification similar to the one
below to replace the kafs modification to get an AFS PAG and token?
The nice features of this are that it can be compiled in
even if OpenAFS is not available. At runtime if the
dynamic library is present, it can be loaded and called.
A dynamic lib is used so the setpag is in the same process.
It has been reported that the
2002 Jan 23
1
Fix AFS and Kerberos interaction
Hello,
I going to use ssh with Kerberos V5 support along with support for AFS. I
don't want to use Kerberos V4 or AFS token passing. The only thing I need
from AFS is creating an AFS token (using appropriate function from krb5 API)
after user's authentication. It seems to me that such scenario is not much
supported by the current code. Rather it is assumed only Kerberos 4 will be
used
2004 Jan 01
1
Syncing sshd/krb GetAFSToken change to Portable: help wanted
Hi All.
Recently a change was merged from OpenBSD's sshd into Portable that
implements a KerberosGetAFSToken option (patchset attached).
This change causes compile errors with both MIT Kerberos and Heimdal
(errors when compiled with MIT Kerberos below).
I've figured out that the functions called in the new code are in
Heimdal's libkafs, so adding -lkafs to the start for the
2003 Oct 30
1
Patch to make sshd work on multihomed systems
As far as I know this patch has no security implications -- I don't
believe that allowing sshd to use get_local_name() (in canohost.c) on
a connected socket to determine it's own fqdn will allow a malicious
client (or router or dns server) to make it come to the wrong
conclusion. But please let me know if you think I'm wrong.
Please also let me know if you're just not interested
2017 Feb 09
2
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
Hi Aurélien,
Thanks for the idea!
For Debian packages:
6.4-1 works
6.5-1 works
6.5-2 works
6.6-1 fails
6.6-5 fails
So looks like something changed from 6.5 to 6.6...
When I have time I'll figure out how to compile the upcall binary.
2016 Sep 04
0
ANNOUNCE: cifs-utils release 6.6 ready for download
Time for a new cifs-utils release!
The main change in this release is a set of cleanups to cifs.upcall to
make it more efficient and work better with alternate style credcaches.
No longer does it blithely stumble around in /tmp looking for
credcaches. We now just use the default credcache that to which the
krb5.conf points.
Go forth and download!
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and
other principal names in authorized_keys entries.
It's a sort of replacement for .klogin and .k5login, but it's much more
general than .k*login as it applies to any authentication mechanism
where a name is associated with the ssh client and it supports name
patterns and all the normal authorized_keys entry options
2017 Feb 09
0
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
Hi Jeff,
Could you look at the following mailing list posting?
https://lists.samba.org/archive/samba/2017-February/206468.html
It looks like cifs.upcall has changed its behavior. As described in
that post, I can mount with root / kerberos, but then cannot access with
another user who has credentials.
The logs indicate that cifs.upcall cannot find the kerberos ticket for
the non-root user.
2017 Feb 10
2
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
On Thu, 2017-02-09 at 14:45 -0600, Chad William Seys wrote:
> Hi Jeff,
> Could you look at the following mailing list posting?
>
> https://lists.samba.org/archive/samba/2017-February/206468.html
>
> It looks like cifs.upcall has changed its behavior. As described in
> that post, I can mount with root / kerberos, but then cannot access with
> another user who has
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2009 Jan 20
1
[Announce] Samba 3.0.34 Maintainance Release Available
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===============================================================
"Minds are like parachutes.
They only function when they
are open."
Sir James Dewar
===============================================================
Release Announcements
=====================
This is a bug fix release of the Samba 3.0 series.
2009 Jan 20
1
[Announce] Samba 3.0.34 Maintainance Release Available
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===============================================================
"Minds are like parachutes.
They only function when they
are open."
Sir James Dewar
===============================================================
Release Announcements
=====================
This is a bug fix release of the Samba 3.0 series.
2002 Jul 31
2
privsep+kerb5+ssh1
please test Olaf Kirch's patch. it looks fine to me, but i don't to K5.
i'd like to see this in the next release. thx
-m
-------------- next part --------------
--- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002
+++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002
@@ -73,18 +73,17 @@
* from the ticket
*/
int
-auth_krb5(Authctxt *authctxt, krb5_data *auth, char
2005 Nov 27
3
OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found
Greetings,
I'm working on the infrastructure of a medium size client/server
environment using an Active Directory running on Windows Server 2003 for
central authentication of users on linux clients.
Additionally OpenAFS is running using Kerberos authentication through
Active Directory as well.
Now I want to grant users remote access to their AFS data by logging in
into a central OpenSSH
2017 Feb 09
0
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
Chad William Seys via samba <samba at lists.samba.org> writes:
> But when cifs-utils 6.4-1 is installed (from jessie) the different
> user can access as expect. AFAIK there are no other differences besides
> the cifs-utils version.
Not counting any distro-specific patches it seems cifs.upcall only had 5
commits affecting it between these 2 releases:
$ git log
2017 Feb 10
5
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote:
> Hi Jeff,
>
> > So we have a default credcache for the user for whom we are operating
> > as, but we can't get the default principal name from it. My guess is
> > that it's not finding the
>
> This mount is run by root UID=0 and seems to be find that credential
> cache without problem (earlier