similar to: GSSAPIKeyExchange and GSSAPIStrictAcceptorCheck

Hi guys I've been browsing the code and at many places I found the following odd sequence: char * string=malloc(somesize); ? bzero(string,strlen(string)); free(string); I really don't see why you would zero a string and free the memory immediately afterwards? Any idea why this is done? Thanks! Met vriendelijke groet Best regards Bien ? vous Miguel SANDERS ArcelorMittal Gent UNIX

Hi Does OpenSSH have a feature in which a client gets kicked out after X minutes of inactivity (no keystrokes)? I have seen this on other SSH implementations but I don't see it in OpenSSH. Thnx! Met vriendelijke groet Best regards Bien ? vous Miguel SANDERS ArcelorMittal Gent UNIX Systems & Storage IT Supply Western Europe | John Kennedylaan 51 B-9042 Gent T +32 9 347 3538 | F +32 9

Hi guys Apparently, there is small memory leak in the do_ssh2_kex() routine in sshd.c. Line 2195 in sshd.c states: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); Where list_hostkey_types() returns a pointer allocated by the xstrdup call (line 735). This pointer should be freed in the calling routine do_ssh2_key(). Should I make a patch for this? Also, since my previous patch

Hi Apparently, the server option "PrintLastLog" does not work on AIX. The last login time is always displayed, disregarding the option. When browsing the code, I found out there are several functions in loginrec.c which solely handle the processing of the last login info (login_get_lastlog, getlast_entry). Since AIX does not provide such a function natively, the configure script sets

Hi I'm currently observing a rather bizarre situation when using password based Kerberos authentication in OpenSSH on AIX. Even though AIX can authenticate a user via Kerberos (using the KRB5A load module), OpenSSH cannot Kerberos authenticate this user. This is caused by the fact that the user has two attributes which OpenSSH doesn't take into account when forming the principal name of

Hi guys While debugging a GSSAPI memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following: In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls

Hi guys We recently upgraded our Samba clusters from 4.7.5 to 4.8.3 and noticed a difference in behavior for winbind. The situation is as follows Assume we have a local Linux user XYZ (UID 519) as well as a AD user object XYZ (UID 30001).     idmap config * : backend = tdb2     idmap config * : range = 30000-50000 In our share definitions we regularly use the "force user"

Hi This is the global section of smb.conf. [global]         workgroup = DOMAIN         realm = DOMAIN.COM         netbios name = SAMBA         security = ads         clustering = yes         idmap config * : backend = tdb2         idmap config * : range = 30000-50000         passdb backend = tdbsam         ctdbd socket = /usr/samba/var/run/ctdb/ctdbd.socket         winbind separator =

https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Bug ID: 2637 Summary: GSSAPIStrictAcceptorCheck should default to 'yes' Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: minor Priority: P5 Component: Kerberos support Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2198 Bug ID: 2198 Summary: GSSAPIKeyExchange gssapi-keyex bug in kex.c choose_kex() Product: Portable OpenSSH Version: 6.4p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Kerberos support

https://bugzilla.mindrot.org/show_bug.cgi?id=3642 Bug ID: 3642 Summary: GSS treats hostnames case sensitive -> suggestion for docs of GSSAPIStrictAcceptorCheck setting Product: Portable OpenSSH Version: 9.5p1 Hardware: amd64 OS: FreeBSD Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=3406 Bug ID: 3406 Summary: RSA key authentication doesn't work with enabled GSSAPIKeyExchange: sign_and_send_pubkey: internal error: initial hostkey not recorded Product: Portable OpenSSH Version: 8.9p1 Hardware: Other OS: Linux

https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=1583 Summary: User principal name in AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

https://bugzilla.mindrot.org/show_bug.cgi?id=1582 Summary: memory leak in do_ssh2_kex() routine (sshd.c) Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

On 16/12/14 18:15, Alexander Dalloz wrote: > Am 16.12.2014 um 16:03 schrieb For at ll: >> On 15.12.2014 12:50, Steve Clark wrote: >>> On 12/15/2014 05:51 AM, For at ll wrote: >>>> Hi >>>> >>>> I had a two repo for cento6 where I can download httpd 2.2.29, >>>> (baseurl=http://centos.alt.ru/repository/centos/6/$basearch/) and

I try to get Samba 4 with ssh running. I found in the Script from Matthieu Patou tot he sysvol sync the follwing intresting line. --- kinit -k -t /etc/krb5.keytab `hostname -s | tr "[:lower:]" "[:upper:]"`\$ rsync -X -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING --- when i understand correct he uses the domain controller service principle to connect to the

https://bugzilla.mindrot.org/show_bug.cgi?id=1595 Summary: Server option PrintLastLog does not work on AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

On Thu, December 18, 2014 00:31, Jake Shipton wrote: > > Hi Alex, > > In this situation 2.2.29 actually does offer an advantage over CentOS > version 2.2.15. > > The version provided by CentOS does not support Forward Secrecy for SSL > or TLS 1.2. > > Version 2.2.24+ of upstream Apache includes patches which enable both > Forward Secrecy and TLS 1.2. > > Now

Sounds like Comcast's manual for CALEA compliance was leaked. Pretty interesting read if you are curious: http://www.fas.org/blog/secrecy/ Direct link (PDF): http://www.fas.org/blog/secrecy/docs/handbook.pdf -- Kristian Kielhofner