revert the default of KerberosUseKuserok back to yes (#1153076)

Petr Lautrbach 2014-10-24 19:59:55 +02:00
parent 0f0e055d6a
commit 1ba984dcf2


@ -52,10 +52,11 @@ diff -up openssh-6.6p1/gss-serv-krb5.c.kuserok openssh-6.6p1/gss-serv-krb5.c
retval = 1; retval = 1;
logit("Authorized to %s, krb5 principal %s (krb5_kuserok)", logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
name, (char *)client->displayname.value); name, (char *)client->displayname.value);
diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c diff --git a/servconf.c b/servconf.c
--- openssh-6.6p1/servconf.c.kuserok 2014-05-07 10:35:30.783053881 +0200 index 68fb9ef..904c869 100644
+++ openssh-6.6p1/servconf.c 2014-05-07 10:39:13.133189061 +0200 --- a/servconf.c
@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions +++ b/servconf.c
@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options)
options->ip_qos_interactive = -1; options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1; options->ip_qos_bulk = -1;
options->version_addendum = NULL; options->version_addendum = NULL;
@ -63,12 +64,12 @@ diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
} }
void void
@@ -312,6 +313,8 @@ fill_default_server_options(ServerOption @@ -312,6 +313,8 @@ fill_default_server_options(ServerOptions *options)
options->version_addendum = xstrdup(""); options->version_addendum = xstrdup("");
if (options->show_patchlevel == -1) if (options->show_patchlevel == -1)
options->show_patchlevel = 0; options->show_patchlevel = 0;
+ if (options->use_kuserok == -1) + if (options->use_kuserok == -1)
+ options->use_kuserok = 0; + options->use_kuserok = 1;
/* Turn privilege separation on by default */ /* Turn privilege separation on by default */
if (use_privsep == -1) if (use_privsep == -1)
@ -95,7 +96,7 @@ diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
#endif #endif
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
@@ -1526,6 +1531,10 @@ process_server_config_line(ServerOptions @@ -1526,6 +1531,10 @@ process_server_config_line(ServerOptions *options, char *line,
*activep = value; *activep = value;
break; break;
@ -106,7 +107,7 @@ diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
case sPermitOpen: case sPermitOpen:
arg = strdelim(&cp); arg = strdelim(&cp);
if (!arg || *arg == '\0') if (!arg || *arg == '\0')
@@ -1811,6 +1820,7 @@ copy_set_server_options(ServerOptions *d @@ -1811,6 +1820,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(max_authtries); M_CP_INTOPT(max_authtries);
M_CP_INTOPT(ip_qos_interactive); M_CP_INTOPT(ip_qos_interactive);
M_CP_INTOPT(ip_qos_bulk); M_CP_INTOPT(ip_qos_bulk);
@ -122,9 +123,10 @@ diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
/* string arguments */ /* string arguments */
dump_cfg_string(sPidFile, o->pid_file); dump_cfg_string(sPidFile, o->pid_file);
diff -up openssh-6.6p1/servconf.h.kuserok openssh-6.6p1/servconf.h diff --git a/servconf.h b/servconf.h
--- openssh-6.6p1/servconf.h.kuserok 2014-05-07 10:35:30.783053881 +0200 index 37cfa9b..5117dfa 100644
+++ openssh-6.6p1/servconf.h 2014-05-07 10:35:30.802053808 +0200 --- a/servconf.h
+++ b/servconf.h
@@ -173,6 +173,7 @@ typedef struct { @@ -173,6 +173,7 @@ typedef struct {
int num_permitted_opens; int num_permitted_opens;
@ -133,17 +135,30 @@ diff -up openssh-6.6p1/servconf.h.kuserok openssh-6.6p1/servconf.h
char *chroot_directory; char *chroot_directory;
char *revoked_keys_file; char *revoked_keys_file;
char *trusted_user_ca_keys; char *trusted_user_ca_keys;
diff -up openssh-6.6p1/sshd_config.5.kuserok openssh-6.6p1/sshd_config.5 diff --git a/sshd_config b/sshd_config
--- openssh-6.6p1/sshd_config.5.kuserok 2014-05-07 10:35:30.786053870 +0200 index adfd7b1..e772ed5 100644
+++ openssh-6.6p1/sshd_config.5 2014-05-07 10:43:04.784285016 +0200 --- a/sshd_config
@@ -697,6 +697,10 @@ Specifies whether to automatically destr +++ b/sshd_config
@@ -87,6 +87,7 @@ ChallengeResponseAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
+#KerberosUseKuserok yes
# GSSAPI options
GSSAPIAuthentication yes
diff --git a/sshd_config.5 b/sshd_config.5
index 1fb002d..e0e5fff 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -697,6 +697,10 @@ Specifies whether to automatically destroy the user's ticket cache
file on logout. file on logout.
The default is The default is
.Dq yes . .Dq yes .
+.It Cm KerberosUseKuserok +.It Cm KerberosUseKuserok
+Specifies whether to look at .k5login file for user's aliases. +Specifies whether to look at .k5login file for user's aliases.
+The default is +The default is
+.Dq no . +.Dq yes .
.It Cm KexAlgorithms .It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms. Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated. Multiple algorithms must be comma-separated.
@ -155,14 +170,3 @@ diff -up openssh-6.6p1/sshd_config.5.kuserok openssh-6.6p1/sshd_config.5
.Cm MaxAuthTries , .Cm MaxAuthTries ,
.Cm MaxSessions , .Cm MaxSessions ,
.Cm PasswordAuthentication , .Cm PasswordAuthentication ,
diff -up openssh-6.6p1/sshd_config.kuserok openssh-6.6p1/sshd_config
--- openssh-6.6p1/sshd_config.kuserok 2014-05-07 10:35:30.803053804 +0200
+++ openssh-6.6p1/sshd_config 2014-05-07 10:38:30.735354431 +0200
@@ -87,6 +87,7 @@ ChallengeResponseAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
+#KerberosUseKuserok no
# GSSAPI options
GSSAPIAuthentication yes
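Review bot: The sshd_config.5 entry for KerberosUseKuserok still says only that the option decides "whether to look at .k5login file for user's aliases", so now that fill_default_server_options() falls back to `options->use_kuserok = 1`, the man page does not tell an administrator that the default honours a per-user file when authorizing Kerberos principals. I would add a sentence after the description, for example `The .k5login file is maintained by the account owner and can authorize additional principals to log in to the account; set this option to no to ignore it.` Hosts that relied on the previous default of no get the new behaviour on upgrade unless sshd_config sets the option explicitly, which is worth stating in the package changelog. Which check applies in place of krb5_kuserok when the option is no is not visible in these hunks, so the final wording should be confirmed against gss-serv-krb5.c.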