forked from rpms/openssh
gssapi credentials need to be stored before a pam session opened (#987792)
This commit is contained in:
parent
115aad3f92
commit
b20efed7e1
@ -2846,35 +2846,6 @@ diff -up openssh-6.2p1/sshd.c.gsskex openssh-6.2p1/sshd.c
|
||||
/*
|
||||
* We don't want to listen forever unless the other side
|
||||
* successfully authenticates itself. So we set up an alarm which is
|
||||
@@ -2139,14 +2200,6 @@ main(int ac, char **av)
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
audit_event(SSH_AUTH_SUCCESS);
|
||||
#endif
|
||||
-
|
||||
-#ifdef GSSAPI
|
||||
- if (options.gss_authentication) {
|
||||
- temporarily_use_uid(authctxt->pw);
|
||||
- ssh_gssapi_storecreds();
|
||||
- restore_uid();
|
||||
- }
|
||||
-#endif
|
||||
#ifdef WITH_SELINUX
|
||||
ssh_selinux_setup_exec_context(authctxt->pw->pw_name);
|
||||
#endif
|
||||
@@ -2156,6 +2209,13 @@ main(int ac, char **av)
|
||||
do_pam_session();
|
||||
}
|
||||
#endif
|
||||
+#ifdef GSSAPI
|
||||
+ if (options.gss_authentication) {
|
||||
+ temporarily_use_uid(authctxt->pw);
|
||||
+ ssh_gssapi_storecreds();
|
||||
+ restore_uid();
|
||||
+ }
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* In privilege separation, we fork another child and prepare
|
||||
@@ -2466,6 +2526,48 @@ do_ssh2_kex(void)
|
||||
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
|
||||
|
Loading…
Reference in New Issue
Block a user