From owner-freebsd-bugs  Wed Aug  9  7:20:10 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id B6FB937BD9D
	for <freebsd-bugs@FreeBSD.org>; Wed,  9 Aug 2000 07:20:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id HAA85052;
	Wed, 9 Aug 2000 07:20:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 266F737BD9E; Wed,  9 Aug 2000 07:18:17 -0700 (PDT)
Message-Id: <20000809141817.266F737BD9E@hub.freebsd.org>
Date: Wed,  9 Aug 2000 07:18:17 -0700 (PDT)
From: Mark.Andrews@nominum.com
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: misc/20504: [PATCH] ssh (openssh) cannot connect to sshd (ssh.com) using kerberos5
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         20504
>Category:       misc
>Synopsis:       [PATCH] ssh (openssh) cannot connect to sshd (ssh.com) using kerberos5
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 09 07:20:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Mark Andrews
>Release:        4.1 STABLE
>Organization:
Nominum
>Environment:
FreeBSD drugs.dv.isc.org 4.1-STABLE FreeBSD 4.1-STABLE #0: Tue Aug  8 18:01:02 EST 2000     marka@drugs.dv.isc.org:/usr/obj/usr/src/sys/DRUGS  i386

>Description:
openssh and ssh.com disagree about which protocol values should be
used w/ kerberos5.

The patch below allows ssh from openssh to connect to sshd from
ssh.com.
>How-To-Repeat:
Find a site running a sshd from ssh.com and try to connect to it with
ssh (openssh) compiled w/ kerberos5. 

/etc/make.conf
MAKE_KERBEROS5= yes

apply fixes in misc/20502 and misc/18995

~/.ssh/config
kerberos5authentication yes
kerberos5tgtpassing yes

>Fix:
ZGlmZiAtdXIgY3J5cHRvL29wZW5zc2gvcmVhZGNvbmYuYyBjcnlwdG8vb3BlbnNzaC9yZWFk
Y29uZi5jCi0tLSBjcnlwdG8vb3BlbnNzaC9yZWFkY29uZi5jCU1vbiBKdWwgMzEgMTc6NDc6
MzcgMjAwMAorKysgY3J5cHRvL29wZW5zc2gvcmVhZGNvbmYuYwlXZWQgQXVnICA5IDIyOjUx
OjA5IDIwMDAKQEAgLTk4LDcgKzk4LDcgQEAKIAlvS3JiNEF1dGhlbnRpY2F0aW9uLAogI2Vu
ZGlmIC8qIEtSQjQgKi8KICNpZmRlZiBLUkI1Ci0Jb0tyYjVBdXRoZW50aWNhdGlvbiwgb0ty
YjVUZ3RQYXNzaW5nLAorCW9LcmI1QXV0aGVudGljYXRpb24sIG9LcmI1VGd0UGFzc2luZywg
b0tyYjVPdmVyS3JiNCwKICNlbmRpZiAvKiBLUkI1ICovCiAjaWZkZWYgQUZTCiAJb0tyYjRU
Z3RQYXNzaW5nLCBvQUZTVG9rZW5QYXNzaW5nLApAQCAtMTMzLDYgKzEzMyw3IEBACiAjaWZk
ZWYgS1JCNQogCXsgImtlcmJlcm9zNWF1dGhlbnRpY2F0aW9uIiwgb0tyYjVBdXRoZW50aWNh
dGlvbiB9LAogCXsgImtlcmJlcm9zNXRndHBhc3NpbmciLCBvS3JiNVRndFBhc3NpbmcgfSwK
Kwl7ICJrZXJiZXJvczVvdmVya2VyYmVyb3M0Iiwgb0tyYjVPdmVyS3JiNCB9LAogI2VuZGlm
IC8qIEtSQjUgKi8KICNpZmRlZiBBRlMKIAl7ICJrZXJiZXJvczR0Z3RwYXNzaW5nIiwgb0ty
YjRUZ3RQYXNzaW5nIH0sCkBAIC0zMzEsNiArMzMyLDEwIEBACiAJY2FzZSBvS3JiNVRndFBh
c3Npbmc6CiAJCWludHB0ciA9ICZvcHRpb25zLT5rcmI1X3RndF9wYXNzaW5nOwogCQlnb3Rv
IHBhcnNlX2ZsYWc7CisKKwljYXNlIG9LcmI1T3ZlcktyYjQ6CisJCWludHB0ciA9ICZvcHRp
b25zLT5rcmI1X292ZXJfa3JiNDsKKwkJZ290byBwYXJzZV9mbGFnOwogI2VuZGlmIC8qIEtS
QjUgKi8KIAogI2lmZGVmIEFGUwpAQCAtNjc0LDYgKzY3OSw3IEBACiAjaWZkZWYgS1JCNQog
CW9wdGlvbnMtPmtyYjVfYXV0aGVudGljYXRpb24gPSAtMTsKIAlvcHRpb25zLT5rcmI1X3Rn
dF9wYXNzaW5nID0gLTE7CisJb3B0aW9ucy0+a3JiNV9vdmVyX2tyYjQgPSAtMTsKICNlbmRp
ZiAvKiBLUkI1ICovCiAjaWZkZWYgQUZTCiAJb3B0aW9ucy0+a3JiNF90Z3RfcGFzc2luZyA9
IC0xOwpAQCAtNzQzLDYgKzc0OSw4IEBACiAJCW9wdGlvbnMtPmtyYjVfYXV0aGVudGljYXRp
b24gPSAxOwogCWlmIChvcHRpb25zLT5rcmI1X3RndF9wYXNzaW5nID09IC0xKQogCQlvcHRp
b25zLT5rcmI1X3RndF9wYXNzaW5nID0gMTsKKwlpZiAob3B0aW9ucy0+a3JiNV9vdmVyX2ty
YjQgPT0gLTEpCisJCW9wdGlvbnMtPmtyYjVfb3Zlcl9rcmI0ID0gMDsKICNlbmRpZiAvKiBL
UkI1ICovCiAjaWZkZWYgQUZTCiAJaWYgKG9wdGlvbnMtPmtyYjRfdGd0X3Bhc3NpbmcgPT0g
LTEpCmRpZmYgLXVyIGNyeXB0by9vcGVuc3NoL3JlYWRjb25mLmggY3J5cHRvL29wZW5zc2gv
cmVhZGNvbmYuaAotLS0gY3J5cHRvL29wZW5zc2gvcmVhZGNvbmYuaAlGcmkgSnVuICA5IDE3
OjEwOjIwIDIwMDAKKysrIGNyeXB0by9vcGVuc3NoL3JlYWRjb25mLmgJV2VkIEF1ZyAgOSAy
Mjo0Mzo0MCAyMDAwCkBAIC00Nyw2ICs0Nyw3IEBACiAjaWZkZWYgS1JCNQogCWludAlrcmI1
X2F1dGhlbnRpY2F0aW9uOwogCWludAlrcmI1X3RndF9wYXNzaW5nOworCWludAlrcmI1X292
ZXJfa3JiNDsKICNlbmRpZiAvKiBLUkI1ICovCiAKICNpZmRlZiBBRlMKZGlmZiAtdXIgY3J5
cHRvL29wZW5zc2gvc3NoY29ubmVjdC5jIGNyeXB0by9vcGVuc3NoL3NzaGNvbm5lY3QuYwot
LS0gY3J5cHRvL29wZW5zc2gvc3NoY29ubmVjdC5jCUZyaSBKdW4gIDkgMTc6MTA6MjEgMjAw
MAorKysgY3J5cHRvL29wZW5zc2gvc3NoY29ubmVjdC5jCVdlZCBBdWcgIDkgMjM6MDE6MDEg
MjAwMApAQCAtNzI0LDcgKzcyNCw4IEBACiAgICAgIGdvdG8gb3V0OwogICB9CiAgIAotICBw
YWNrZXRfc3RhcnQoU1NIX0NNU0dfQVVUSF9LUkI1KTsKKyAgcGFja2V0X3N0YXJ0KG9wdGlv
bnMua3JiNV9vdmVyX2tyYjQgPworCSAgICAgICBTU0hfQ01TR19BVVRIX0tSQjQgOiBTU0hf
Q01TR19BVVRIX0tSQjUpOwogICBwYWNrZXRfcHV0X3N0cmluZygoY2hhciAqKSBhcC5kYXRh
LCBhcC5sZW5ndGgpOwogICBwYWNrZXRfc2VuZCgpOwogICBwYWNrZXRfd3JpdGVfd2FpdCgp
OwpAQCAtNzQwLDYgKzc0MSwxMSBAQAogICAgICAgICAgICAgICAgIHJldCA9IDA7CiAgICAg
ICAgICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgIGNhc2UgU1NIX1NNU0dfQVVUSF9LUkI0
X1JFU1BPTlNFOgorCQlpZiAoIW9wdGlvbnMua3JiNV9vdmVyX2tyYjQpCisJCQlnb3RvIGZh
aWw7CisJCS8qRkFMTFRIUk9VR0gqLworCiAgICAgICAgICBjYXNlIFNTSF9TTVNHX0FVVEhf
S1JCNV9SRVNQT05TRToKICAgICAgICAgICAgICAgICAvKiBTU0hfU01TR19BVVRIX0tSQjVf
U1VDQ0VTUyAqLwogICAgICAgICAgICAgICAgIGRlYnVnKCJLZXJiZXJvcyBWNSBhdXRoZW50
aWNhdGlvbiBhY2NlcHRlZC4iKTsKQEAgLTc1OCw2ICs3NjQsNyBAQAogCQlicmVhazsKIAkK
IAlkZWZhdWx0OgorCWZhaWw6CiAJCXBhY2tldF9kaXNjb25uZWN0KCJQcm90b2NvbCBlcnJv
ciBvbiBLZXJiZXJvcyBWNSByZXNwb25zZTogJWQiLCB0eXBlKTsKIAkJcmV0ID0gMDsgCiAJ
CWJyZWFrOwpAQCAtODUyLDcgKzg1OSw4IEBACiAgICAgIGdvdG8gb3V0OwogICB9CiAgIAot
ICBwYWNrZXRfc3RhcnQoU1NIX0NNU0dfSEFWRV9LUkI1X1RHVCk7CisgIHBhY2tldF9zdGFy
dChvcHRpb25zLmtyYjVfb3Zlcl9rcmI0ID8KKwkgICAgICAgU1NIX0NNU0dfSEFWRV9LUkI0
X1RHVCA6IFNTSF9DTVNHX0hBVkVfS1JCNV9UR1QpOwogICBwYWNrZXRfcHV0X3N0cmluZygo
Y2hhciAqKW91dGJ1Zi5kYXRhLCBvdXRidWYubGVuZ3RoKTsKICAgcGFja2V0X3NlbmQoKTsK
ICAgcGFja2V0X3dyaXRlX3dhaXQoKTsKZGlmZiAtdXIgY3J5cHRvL29wZW5zc2gvc3NoY29u
bmVjdDEuYyBjcnlwdG8vb3BlbnNzaC9zc2hjb25uZWN0MS5jCi0tLSBjcnlwdG8vb3BlbnNz
aC9zc2hjb25uZWN0MS5jCUZyaSBKdW4gIDkgMTc6MTA6MjEgMjAwMAorKysgY3J5cHRvL29w
ZW5zc2gvc3NoY29ubmVjdDEuYwlXZWQgQXVnICA5IDIzOjA1OjIyIDIwMDAKQEAgLTk1OSw3
ICs5NTksOSBAQAogI2VuZGlmIC8qIEtSQjQgKi8KIAogI2lmZGVmIEtSQjUKLQlpZiAoKHN1
cHBvcnRlZF9hdXRoZW50aWNhdGlvbnMgJiAoMSA8PCBTU0hfQVVUSF9LUkI1KSkgJiYKKwlp
ZiAoKChzdXBwb3J0ZWRfYXV0aGVudGljYXRpb25zICYgKDEgPDwgU1NIX0FVVEhfS1JCNSkp
IHx8CisJICAgICAoKHN1cHBvcnRlZF9hdXRoZW50aWNhdGlvbnMgJiAoMSA8PCBTU0hfQVVU
SF9LUkI0KSkgJiYKKwkgICAgICBvcHRpb25zLmtyYjVfb3Zlcl9rcmI0KSkgJiYKIAkgICAg
IG9wdGlvbnMua3JiNV9hdXRoZW50aWNhdGlvbil7CiAJCWtyYjVfY29udGV4dCBzc2hfY29u
dGV4dCA9IE5VTEw7CiAJCWtyYjVfYXV0aF9jb250ZXh0IGF1dGhfY29udGV4dCA9IE5VTEw7
Cg==


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message