Date: Thu, 5 Sep 2013 22:45:17 +0400 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: Dag-Erling Sm??rgrav <des@des.no> Cc: freebsd-security@FreeBSD.org, Lev Serebryakov <lev@FreeBSD.org> Subject: Re: OpenSSH, PAM and kerberos Message-ID: <20130905184517.GB34714@zxy.spb.ru> In-Reply-To: <86r4d6t2hl.fsf@nine.des.no> References: <20130903083301.GF3796@zxy.spb.ru> <86y57euu8y.fsf@nine.des.no> <20130903093756.GG3796@zxy.spb.ru> <86ppsqutw7.fsf@nine.des.no> <20130903095316.GH3796@zxy.spb.ru> <86li3euovr.fsf@nine.des.no> <20130903115050.GJ3796@zxy.spb.ru> <864na2ujh7.fsf@nine.des.no> <5010498171.20130903174620@serebryakov.spb.ru> <86r4d6t2hl.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 03, 2013 at 04:16:06PM +0200, Dag-Erling Sm??rgrav wrote: > Lev Serebryakov <lev@FreeBSD.org> writes: > > "Dag-Erling Sm??rgrav" <des@des.no> writes: > > > Actually, sshd already does most of this by farming PAM out to a > > > child process. > > And, IMHO, proper way to fix this bug is to fix it here, as "most of > > things" is already done. > > Feel free to submit patches. Now I found next strange behaviour: for account with not found login class sshd refuse GSSAPIAuthentication. Telnet don't do this strange restriction. (I use login class 'me' in Kerberos/NIS setup).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130905184517.GB34714>