similar to: Memory leak caused by forwarded GSSAPI credential store

https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

Hi guys I've been browsing the code and at many places I found the following odd sequence: char * string=malloc(somesize); ? bzero(string,strlen(string)); free(string); I really don't see why you would zero a string and free the memory immediately afterwards? Any idea why this is done? Thanks! Met vriendelijke groet Best regards Bien ? vous Miguel SANDERS ArcelorMittal Gent UNIX

Hi Does OpenSSH have a feature in which a client gets kicked out after X minutes of inactivity (no keystrokes)? I have seen this on other SSH implementations but I don't see it in OpenSSH. Thnx! Met vriendelijke groet Best regards Bien ? vous Miguel SANDERS ArcelorMittal Gent UNIX Systems & Storage IT Supply Western Europe | John Kennedylaan 51 B-9042 Gent T +32 9 347 3538 | F +32 9

Hi guys Apparently, there is small memory leak in the do_ssh2_kex() routine in sshd.c. Line 2195 in sshd.c states: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); Where list_hostkey_types() returns a pointer allocated by the xstrdup call (line 735). This pointer should be freed in the calling routine do_ssh2_key(). Should I make a patch for this? Also, since my previous patch

Hi I'm currently observing a rather bizarre situation when using password based Kerberos authentication in OpenSSH on AIX. Even though AIX can authenticate a user via Kerberos (using the KRB5A load module), OpenSSH cannot Kerberos authenticate this user. This is caused by the fact that the user has two attributes which OpenSSH doesn't take into account when forming the principal name of

Hi guys We recently upgraded our Samba clusters from 4.7.5 to 4.8.3 and noticed a difference in behavior for winbind. The situation is as follows Assume we have a local Linux user XYZ (UID 519) as well as a AD user object XYZ (UID 30001).     idmap config * : backend = tdb2     idmap config * : range = 30000-50000 In our share definitions we regularly use the "force user"

Hi all, It looks like a bug for me, but I'd like to ask if someone has the same problem. We are using OpenSSH 4.3p2 from Debian 4.0 (stable), but the same problem is with original OpenSSH 4.3p2. When root logins with his kerberos ticket and then logout, his ticket remains on the machine. I found in source (sshd.c) in privsep_postauth function, that if root logins then use_privsep is set to 0

https://bugzilla.mindrot.org/show_bug.cgi?id=1583 Summary: User principal name in AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

https://bugzilla.mindrot.org/show_bug.cgi?id=1595 Summary: Server option PrintLastLog does not work on AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

Hi folks Is there any particular reason why these two great features (thanks Simon!) are not part of the OpenSSH mainstream? Met vriendelijke groet Best regards Bien ? vous Miguel SANDERS ArcelorMittal Gent UNIX Systems & Storage IT Supply Western Europe | John Kennedylaan 51 B-9042 Gent T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023 E miguel.sanders at arcelormittal.com

Hi Apparently, the server option "PrintLastLog" does not work on AIX. The last login time is always displayed, disregarding the option. When browsing the code, I found out there are several functions in loginrec.c which solely handle the processing of the last login info (login_get_lastlog, getlast_entry). Since AIX does not provide such a function natively, the configure script sets

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

http://bugzilla.mindrot.org/show_bug.cgi?id=751 Summary: KRB5CCNAME set incorrectly in GSSAPI code Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org

Hi This is the global section of smb.conf. [global]         workgroup = DOMAIN         realm = DOMAIN.COM         netbios name = SAMBA         security = ads         clustering = yes         idmap config * : backend = tdb2         idmap config * : range = 30000-50000         passdb backend = tdbsam         ctdbd socket = /usr/samba/var/run/ctdb/ctdbd.socket         winbind separator =

Hi All. Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh. There are patches. The first [1] is a straightforward port of the OpenBSD code to Portable. The second [2] contains the parts I've stolen from Simon Wilkinson's portable GSSAPI patch in an attempt to make it build. It is incomplete and doesn't currently work. The PAM support is not there and

http://bugzilla.mindrot.org/show_bug.cgi?id=1276 Summary: Link stage fails when gssapi exists Product: Portable OpenSSH Version: v4.5p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org ReportedBy: jengelh

http://bugzilla.mindrot.org/show_bug.cgi?id=918 Summary: ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1582 Summary: memory leak in do_ssh2_kex() routine (sshd.c) Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

So I am in step 10 of the samba4 howto (https://wiki.samba.org/index.php/Samba4/HOWTO#Step_10_Configure_kerberos_DNS_dynamic_updates); my bind9 is 9.7.3 which seems to be current enough for this. In it we are to add tkey-gssapi-credential "DNS/samdom.example.com"; tkey-domain "SAMDOM.EXAMPLE.COM"; to /etc/bind/named.conf.options. Since my test domain is test.domain.com,