From owner-cvs-all Tue Mar 19 8:24: 0 2002 Delivered-To: cvs-all@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 1BBE537B402; Tue, 19 Mar 2002 08:23:44 -0800 (PST) Received: by gw.nectar.cc (Postfix, from userid 1001) id 92CA89; Tue, 19 Mar 2002 10:23:43 -0600 (CST) Date: Tue, 19 Mar 2002 10:23:43 -0600 From: "Jacques A. Vidrine" To: Dag-Erling Smorgrav Cc: John Hay , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/secure/usr.sbin/sshd Makefile Message-ID: <20020319162343.GA44817@hellblazer.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , Dag-Erling Smorgrav , John Hay , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org References: <200203191506.g2JF6HW11561@zibbi.icomtek.csir.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Mar 19, 2002 at 04:17:21PM +0100, Dag-Erling Smorgrav wrote: > Seems that OpenSSH includes the wrong heder for Kerberos 5, so it will > build if neither or both krb4 and krb5 are enabled, but not if only > one of them is. Yes, this is fixed in my version of OpenSSH-portable. I don't see how it ever worked for anybody :-) Here is a patch generated from my tree that contains some unrelated bits (GSS-API stuff). I think you can see the relatively simple change needed, however. Hope this helps, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se Index: servconf.c =================================================================== RCS file: /home/NectarCVS/ssh/servconf.c,v retrieving revision 1.1.1.1.2.1 retrieving revision 1.1.1.1.4.4 diff -u -r1.1.1.1.2.1 -r1.1.1.1.4.4 --- servconf.c 20 Feb 2002 14:47:24 -0000 1.1.1.1.2.1 +++ servconf.c 20 Feb 2002 20:24:03 -0000 1.1.1.1.4.4 @@ -16,13 +16,7 @@ #include #endif #if defined(KRB5) -#ifdef HEIMDAL -#include -#else -/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V - * keytab */ -#define KEYFILE "/etc/krb5.keytab" -#endif +extern const char *krb5_defkeyname; #endif #ifdef AFS #include @@ -88,6 +82,7 @@ options->gss_keyex=-1; options->gss_use_session_ccache = -1; options->gss_cleanup_creds = -1; + options->gss_server_name = NULL; #endif #if defined(KRB4) || defined(KRB5) options->kerberos_authentication = -1; @@ -129,6 +124,10 @@ void fill_default_server_options(ServerOptions *options) { + int krb4_keyfile, krb5_keyfile; + + krb4_keyfile = krb5_keyfile = 0; + /* Portable-specific options */ if (options->pam_authentication_via_kbd_int == -1) options->pam_authentication_via_kbd_int = 0; @@ -193,6 +192,12 @@ options->rsa_authentication = 1; if (options->pubkey_authentication == -1) options->pubkey_authentication = 1; +#ifdef KRB4 + krb4_keyfile = (access(KEYFILE, R_OK) == 0); +#endif +#ifdef KRB5 + krb5_keyfile = (access(krb5_defkeyname, R_OK) == 0); +#endif #ifdef GSSAPI if (options->gss_authentication == -1) options->gss_authentication = 1; @@ -202,10 +207,12 @@ options->gss_use_session_ccache = 1; if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; + if (options->gss_server_name == NULL) + options->gss_server_name = xstrdup(GSS_SERVER_NAME_SOCKET); #endif #if defined(KRB4) || defined(KRB5) if (options->kerberos_authentication == -1) - options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); + options->kerberos_authentication = krb4_keyfile||krb5_keyfile; if (options->kerberos_or_local_passwd == -1) options->kerberos_or_local_passwd = 1; if (options->kerberos_ticket_cleanup == -1) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message