add missing patches and remove unused patches
This commit is contained in:
parent
3e1dd6c5fd
commit
7463b66c25
@ -1,65 +0,0 @@
|
||||
diff -U0 openssh-6.3p1/ChangeLog.df openssh-6.3p1/ChangeLog
|
||||
--- openssh-6.3p1/ChangeLog.df 2013-10-23 22:38:03.476272461 +0200
|
||||
+++ openssh-6.3p1/ChangeLog 2013-10-23 22:39:46.051788366 +0200
|
||||
@@ -0,0 +1,8 @@
|
||||
+20131010
|
||||
+ - dtucker@cvs.openbsd.org 2013/10/08 11:42:13
|
||||
+ [dh.c dh.h]
|
||||
+ Increase the size of the Diffie-Hellman groups requested for a each
|
||||
+ symmetric key size. New values from NIST Special Publication 800-57 with
|
||||
+ the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
|
||||
+ djm@.
|
||||
+
|
||||
diff -up openssh-6.3p1/dh.c.df openssh-6.3p1/dh.c
|
||||
--- openssh-6.3p1/dh.c.df 2013-07-18 08:12:07.000000000 +0200
|
||||
+++ openssh-6.3p1/dh.c 2013-10-23 22:38:03.476272461 +0200
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */
|
||||
+/* $OpenBSD: dh.c,v 1.52 2013/10/08 11:42:13 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
*
|
||||
@@ -352,17 +352,20 @@ dh_new_group14(void)
|
||||
|
||||
/*
|
||||
* Estimates the group order for a Diffie-Hellman group that has an
|
||||
- * attack complexity approximately the same as O(2**bits). Estimate
|
||||
- * with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))
|
||||
+ * attack complexity approximately the same as O(2**bits).
|
||||
+ * Values from NIST Special Publication 800-57: Recommendation for Key
|
||||
+ * Management Part 1 (rev 3) limited by the recommended maximum value
|
||||
+ * from RFC4419 section 3.
|
||||
*/
|
||||
|
||||
int
|
||||
dh_estimate(int bits)
|
||||
{
|
||||
-
|
||||
+ if (bits <= 112)
|
||||
+ return 2048;
|
||||
if (bits <= 128)
|
||||
- return (1024); /* O(2**86) */
|
||||
+ return 3072;
|
||||
if (bits <= 192)
|
||||
- return (2048); /* O(2**116) */
|
||||
- return (4096); /* O(2**156) */
|
||||
+ return 7680;
|
||||
+ return 8192;
|
||||
}
|
||||
diff -up openssh-6.3p1/dh.h.df openssh-6.3p1/dh.h
|
||||
--- openssh-6.3p1/dh.h.df 2008-06-29 14:47:04.000000000 +0200
|
||||
+++ openssh-6.3p1/dh.h 2013-10-23 22:38:03.476272461 +0200
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: dh.h,v 1.10 2008/06/26 09:19:40 djm Exp $ */
|
||||
+/* $OpenBSD: dh.h,v 1.11 2013/10/08 11:42:13 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
@@ -43,6 +43,7 @@ int dh_pub_is_valid(DH *, BIGNUM *);
|
||||
|
||||
int dh_estimate(int);
|
||||
|
||||
+/* Min and max values from RFC4419. */
|
||||
#define DH_GRP_MIN 1024
|
||||
#define DH_GRP_MAX 8192
|
||||
|
@ -1,37 +0,0 @@
|
||||
diff -U0 openssh-6.4p1/ChangeLog.bad-env-var openssh-6.4p1/ChangeLog
|
||||
--- openssh-6.4p1/ChangeLog.bad-env-var 2014-03-19 21:37:36.270509907 +0100
|
||||
+++ openssh-6.4p1/ChangeLog 2014-03-19 21:37:36.276509878 +0100
|
||||
@@ -0,0 +1,7 @@
|
||||
+20140304
|
||||
+ - OpenBSD CVS Sync
|
||||
+ - djm@cvs.openbsd.org 2014/03/03 22:22:30
|
||||
+ [session.c]
|
||||
+ ignore enviornment variables with embedded '=' or '\0' characters;
|
||||
+ spotted by Jann Horn; ok deraadt@
|
||||
+
|
||||
diff -up openssh-6.4p1/session.c.bad-env-var openssh-6.4p1/session.c
|
||||
--- openssh-6.4p1/session.c.bad-env-var 2014-03-19 21:37:36.233510090 +0100
|
||||
+++ openssh-6.4p1/session.c 2014-03-19 21:37:36.277509873 +0100
|
||||
@@ -990,6 +990,11 @@ child_set_env(char ***envp, u_int *envsi
|
||||
u_int envsize;
|
||||
u_int i, namelen;
|
||||
|
||||
+ if (strchr(name, '=') != NULL) {
|
||||
+ error("Invalid environment variable \"%.100s\"", name);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/*
|
||||
* If we're passed an uninitialized list, allocate a single null
|
||||
* entry before continuing.
|
||||
@@ -2255,8 +2260,8 @@ session_env_req(Session *s)
|
||||
char *name, *val;
|
||||
u_int name_len, val_len, i;
|
||||
|
||||
- name = packet_get_string(&name_len);
|
||||
- val = packet_get_string(&val_len);
|
||||
+ name = packet_get_cstring(&name_len);
|
||||
+ val = packet_get_cstring(&val_len);
|
||||
packet_check_eom();
|
||||
|
||||
/* Don't set too many environment variables */
|
@ -1,6 +1,7 @@
|
||||
diff -up openssh-6.3p1/gss-serv-krb5.c.force_krb openssh-6.3p1/gss-serv-krb5.c
|
||||
--- openssh-6.3p1/gss-serv-krb5.c.force_krb 2013-10-11 18:58:51.553948159 +0200
|
||||
+++ openssh-6.3p1/gss-serv-krb5.c 2013-10-11 21:40:49.972337025 +0200
|
||||
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
|
||||
index 42de994..60de320 100644
|
||||
--- a/gss-serv-krb5.c
|
||||
+++ b/gss-serv-krb5.c
|
||||
@@ -32,7 +32,9 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
@ -38,7 +39,7 @@ diff -up openssh-6.3p1/gss-serv-krb5.c.force_krb openssh-6.3p1/gss-serv-krb5.c
|
||||
static krb5_context krb_context = NULL;
|
||||
|
||||
/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
|
||||
@@ -87,6 +98,7 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client
|
||||
@@ -87,6 +98,7 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
|
||||
krb5_principal princ;
|
||||
int retval;
|
||||
const char *errmsg;
|
||||
@ -46,7 +47,7 @@ diff -up openssh-6.3p1/gss-serv-krb5.c.force_krb openssh-6.3p1/gss-serv-krb5.c
|
||||
|
||||
if (ssh_gssapi_krb5_init() == 0)
|
||||
return 0;
|
||||
@@ -98,10 +110,22 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client
|
||||
@@ -98,10 +110,22 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
|
||||
krb5_free_error_message(krb_context, errmsg);
|
||||
return 0;
|
||||
}
|
||||
@ -70,7 +71,7 @@ diff -up openssh-6.3p1/gss-serv-krb5.c.force_krb openssh-6.3p1/gss-serv-krb5.c
|
||||
} else
|
||||
retval = 0;
|
||||
|
||||
@@ -109,6 +133,135 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client
|
||||
@@ -109,6 +133,135 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
|
||||
return retval;
|
||||
}
|
||||
|
||||
@ -206,19 +207,20 @@ diff -up openssh-6.3p1/gss-serv-krb5.c.force_krb openssh-6.3p1/gss-serv-krb5.c
|
||||
|
||||
/* This writes out any forwarded credentials from the structure populated
|
||||
* during userauth. Called after we have setuid to the user */
|
||||
diff -up openssh-6.3p1/session.c.force_krb openssh-6.3p1/session.c
|
||||
--- openssh-6.3p1/session.c.force_krb 2013-10-11 18:58:51.487948468 +0200
|
||||
+++ openssh-6.3p1/session.c 2013-10-11 18:58:51.563948112 +0200
|
||||
@@ -823,6 +823,29 @@ do_exec(Session *s, const char *command)
|
||||
debug("Forced command (key option) '%.900s'", command);
|
||||
diff --git a/session.c b/session.c
|
||||
index b5dc144..ba4589b 100644
|
||||
--- a/session.c
|
||||
+++ b/session.c
|
||||
@@ -806,6 +806,29 @@ do_exec(Session *s, const char *command)
|
||||
command = forced_command;
|
||||
forced = "(key-option)";
|
||||
}
|
||||
|
||||
+#ifdef GSSAPI
|
||||
+#ifdef KRB5 /* k5users_allowed_cmds only available w/ GSSAPI+KRB5 */
|
||||
+ else if (k5users_allowed_cmds) {
|
||||
+ const char *match = command;
|
||||
+ int allowed = 0, i = 0;
|
||||
+
|
||||
+
|
||||
+ if (!match)
|
||||
+ match = s->pw->pw_shell;
|
||||
+ while (k5users_allowed_cmds[i]) {
|
||||
@ -236,12 +238,13 @@ diff -up openssh-6.3p1/session.c.force_krb openssh-6.3p1/session.c
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
if (s->command != NULL || s->command_handle != -1)
|
||||
fatal("do_exec: command already set");
|
||||
diff -up openssh-6.3p1/ssh-gss.h.force_krb openssh-6.3p1/ssh-gss.h
|
||||
--- openssh-6.3p1/ssh-gss.h.force_krb 2013-10-11 18:58:51.558948136 +0200
|
||||
+++ openssh-6.3p1/ssh-gss.h 2013-10-11 18:58:51.563948112 +0200
|
||||
if (forced != NULL) {
|
||||
if (IS_INTERNAL_SFTP(command)) {
|
||||
s->is_subsystem = s->is_subsystem ?
|
||||
diff --git a/ssh-gss.h b/ssh-gss.h
|
||||
index 0374c88..509109a 100644
|
||||
--- a/ssh-gss.h
|
||||
+++ b/ssh-gss.h
|
||||
@@ -49,6 +49,10 @@
|
||||
# endif /* !HAVE_DECL_GSS_C_NT_... */
|
||||
|
||||
@ -253,10 +256,11 @@ diff -up openssh-6.3p1/ssh-gss.h.force_krb openssh-6.3p1/ssh-gss.h
|
||||
#endif /* KRB5 */
|
||||
|
||||
/* draft-ietf-secsh-gsskeyex-06 */
|
||||
diff -up openssh-6.3p1/sshd.8.force_krb openssh-6.3p1/sshd.8
|
||||
--- openssh-6.3p1/sshd.8.force_krb 2013-10-11 18:58:51.537948234 +0200
|
||||
+++ openssh-6.3p1/sshd.8 2013-10-11 18:58:51.563948112 +0200
|
||||
@@ -326,6 +326,7 @@ Finally, the server and the client enter
|
||||
diff --git a/sshd.8 b/sshd.8
|
||||
index 058d37a..5c4f15b 100644
|
||||
--- a/sshd.8
|
||||
+++ b/sshd.8
|
||||
@@ -327,6 +327,7 @@ Finally, the server and the client enter an authentication dialog.
|
||||
The client tries to authenticate itself using
|
||||
host-based authentication,
|
||||
public key authentication,
|
||||
@ -264,7 +268,7 @@ diff -up openssh-6.3p1/sshd.8.force_krb openssh-6.3p1/sshd.8
|
||||
challenge-response authentication,
|
||||
or password authentication.
|
||||
.Pp
|
||||
@@ -797,6 +798,12 @@ This file is used in exactly the same wa
|
||||
@@ -800,6 +801,12 @@ This file is used in exactly the same way as
|
||||
but allows host-based authentication without permitting login with
|
||||
rlogin/rsh.
|
||||
.Pp
|
@ -1,7 +1,7 @@
|
||||
diff -up openssh-6.3p1/auth-krb5.c.kuserok openssh-6.3p1/auth-krb5.c
|
||||
--- openssh-6.3p1/auth-krb5.c.kuserok 2013-10-11 21:41:42.889087613 +0200
|
||||
+++ openssh-6.3p1/auth-krb5.c 2013-10-11 21:41:42.905087537 +0200
|
||||
@@ -55,6 +55,20 @@
|
||||
diff -up openssh-6.6p1/auth-krb5.c.kuserok openssh-6.6p1/auth-krb5.c
|
||||
--- openssh-6.6p1/auth-krb5.c.kuserok 2013-10-24 01:53:02.000000000 +0200
|
||||
+++ openssh-6.6p1/auth-krb5.c 2014-05-07 10:42:00.883534478 +0200
|
||||
@@ -54,6 +54,20 @@
|
||||
|
||||
extern ServerOptions options;
|
||||
|
||||
@ -22,18 +22,19 @@ diff -up openssh-6.3p1/auth-krb5.c.kuserok openssh-6.3p1/auth-krb5.c
|
||||
static int
|
||||
krb5_init(void *context)
|
||||
{
|
||||
@@ -159,7 +173,7 @@ auth_krb5_password(Authctxt *authctxt, c
|
||||
@@ -157,8 +171,7 @@ auth_krb5_password(Authctxt *authctxt, c
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
|
||||
+ if (!ssh_krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
|
||||
- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
|
||||
- authctxt->pw->pw_name)) {
|
||||
+ if (!ssh_krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) {
|
||||
problem = -1;
|
||||
goto out;
|
||||
}
|
||||
diff -up openssh-6.3p1/gss-serv-krb5.c.kuserok openssh-6.3p1/gss-serv-krb5.c
|
||||
--- openssh-6.3p1/gss-serv-krb5.c.kuserok 2013-10-11 21:41:42.901087556 +0200
|
||||
+++ openssh-6.3p1/gss-serv-krb5.c 2013-10-11 21:46:42.898673597 +0200
|
||||
diff -up openssh-6.6p1/gss-serv-krb5.c.kuserok openssh-6.6p1/gss-serv-krb5.c
|
||||
--- openssh-6.6p1/gss-serv-krb5.c.kuserok 2014-05-07 10:35:30.792053846 +0200
|
||||
+++ openssh-6.6p1/gss-serv-krb5.c 2014-05-07 10:35:30.801053812 +0200
|
||||
@@ -67,6 +67,7 @@ static int ssh_gssapi_krb5_cmdok(krb5_pr
|
||||
int);
|
||||
|
||||
@ -51,9 +52,9 @@ diff -up openssh-6.3p1/gss-serv-krb5.c.kuserok openssh-6.3p1/gss-serv-krb5.c
|
||||
retval = 1;
|
||||
logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
|
||||
name, (char *)client->displayname.value);
|
||||
diff -up openssh-6.3p1/servconf.c.kuserok openssh-6.3p1/servconf.c
|
||||
--- openssh-6.3p1/servconf.c.kuserok 2013-10-11 21:41:42.896087580 +0200
|
||||
+++ openssh-6.3p1/servconf.c 2013-10-11 21:48:24.664194016 +0200
|
||||
diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
|
||||
--- openssh-6.6p1/servconf.c.kuserok 2014-05-07 10:35:30.783053881 +0200
|
||||
+++ openssh-6.6p1/servconf.c 2014-05-07 10:39:13.133189061 +0200
|
||||
@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions
|
||||
options->ip_qos_interactive = -1;
|
||||
options->ip_qos_bulk = -1;
|
||||
@ -62,16 +63,16 @@ diff -up openssh-6.3p1/servconf.c.kuserok openssh-6.3p1/servconf.c
|
||||
}
|
||||
|
||||
void
|
||||
@@ -310,6 +311,8 @@ fill_default_server_options(ServerOption
|
||||
@@ -312,6 +313,8 @@ fill_default_server_options(ServerOption
|
||||
options->version_addendum = xstrdup("");
|
||||
if (options->show_patchlevel == -1)
|
||||
options->show_patchlevel = 0;
|
||||
+ if (options->use_kuserok == -1)
|
||||
+ options->use_kuserok = 1;
|
||||
+ options->use_kuserok = 0;
|
||||
|
||||
/* Turn privilege separation on by default */
|
||||
if (use_privsep == -1)
|
||||
@@ -336,7 +339,7 @@ typedef enum {
|
||||
@@ -338,7 +341,7 @@ typedef enum {
|
||||
sPermitRootLogin, sLogFacility, sLogLevel,
|
||||
sRhostsRSAAuthentication, sRSAAuthentication,
|
||||
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
|
||||
@ -80,7 +81,7 @@ diff -up openssh-6.3p1/servconf.c.kuserok openssh-6.3p1/servconf.c
|
||||
sKerberosTgtPassing, sChallengeResponseAuthentication,
|
||||
sPasswordAuthentication, sKbdInteractiveAuthentication,
|
||||
sListenAddress, sAddressFamily,
|
||||
@@ -409,11 +412,13 @@ static struct {
|
||||
@@ -410,11 +413,13 @@ static struct {
|
||||
#else
|
||||
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
|
||||
#endif
|
||||
@ -94,7 +95,7 @@ diff -up openssh-6.3p1/servconf.c.kuserok openssh-6.3p1/servconf.c
|
||||
#endif
|
||||
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
|
||||
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
|
||||
@@ -1515,6 +1520,10 @@ process_server_config_line(ServerOptions
|
||||
@@ -1526,6 +1531,10 @@ process_server_config_line(ServerOptions
|
||||
*activep = value;
|
||||
break;
|
||||
|
||||
@ -105,7 +106,7 @@ diff -up openssh-6.3p1/servconf.c.kuserok openssh-6.3p1/servconf.c
|
||||
case sPermitOpen:
|
||||
arg = strdelim(&cp);
|
||||
if (!arg || *arg == '\0')
|
||||
@@ -1815,6 +1824,7 @@ copy_set_server_options(ServerOptions *d
|
||||
@@ -1811,6 +1820,7 @@ copy_set_server_options(ServerOptions *d
|
||||
M_CP_INTOPT(max_authtries);
|
||||
M_CP_INTOPT(ip_qos_interactive);
|
||||
M_CP_INTOPT(ip_qos_bulk);
|
||||
@ -113,7 +114,7 @@ diff -up openssh-6.3p1/servconf.c.kuserok openssh-6.3p1/servconf.c
|
||||
M_CP_INTOPT(rekey_limit);
|
||||
M_CP_INTOPT(rekey_interval);
|
||||
|
||||
@@ -2055,6 +2065,7 @@ dump_config(ServerOptions *o)
|
||||
@@ -2062,6 +2072,7 @@ dump_config(ServerOptions *o)
|
||||
dump_cfg_fmtint(sUseDNS, o->use_dns);
|
||||
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
|
||||
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
|
||||
@ -121,10 +122,10 @@ diff -up openssh-6.3p1/servconf.c.kuserok openssh-6.3p1/servconf.c
|
||||
|
||||
/* string arguments */
|
||||
dump_cfg_string(sPidFile, o->pid_file);
|
||||
diff -up openssh-6.3p1/servconf.h.kuserok openssh-6.3p1/servconf.h
|
||||
--- openssh-6.3p1/servconf.h.kuserok 2013-10-11 21:41:42.896087580 +0200
|
||||
+++ openssh-6.3p1/servconf.h 2013-10-11 21:41:42.907087528 +0200
|
||||
@@ -174,6 +174,7 @@ typedef struct {
|
||||
diff -up openssh-6.6p1/servconf.h.kuserok openssh-6.6p1/servconf.h
|
||||
--- openssh-6.6p1/servconf.h.kuserok 2014-05-07 10:35:30.783053881 +0200
|
||||
+++ openssh-6.6p1/servconf.h 2014-05-07 10:35:30.802053808 +0200
|
||||
@@ -173,6 +173,7 @@ typedef struct {
|
||||
|
||||
int num_permitted_opens;
|
||||
|
||||
@ -132,21 +133,21 @@ diff -up openssh-6.3p1/servconf.h.kuserok openssh-6.3p1/servconf.h
|
||||
char *chroot_directory;
|
||||
char *revoked_keys_file;
|
||||
char *trusted_user_ca_keys;
|
||||
diff -up openssh-6.3p1/sshd_config.5.kuserok openssh-6.3p1/sshd_config.5
|
||||
--- openssh-6.3p1/sshd_config.5.kuserok 2013-10-11 21:41:42.898087571 +0200
|
||||
+++ openssh-6.3p1/sshd_config.5 2013-10-11 21:41:42.907087528 +0200
|
||||
@@ -675,6 +675,10 @@ Specifies whether to automatically destr
|
||||
diff -up openssh-6.6p1/sshd_config.5.kuserok openssh-6.6p1/sshd_config.5
|
||||
--- openssh-6.6p1/sshd_config.5.kuserok 2014-05-07 10:35:30.786053870 +0200
|
||||
+++ openssh-6.6p1/sshd_config.5 2014-05-07 10:43:04.784285016 +0200
|
||||
@@ -697,6 +697,10 @@ Specifies whether to automatically destr
|
||||
file on logout.
|
||||
The default is
|
||||
.Dq yes .
|
||||
+.It Cm KerberosUseKuserok
|
||||
+Specifies whether to look at .k5login file for user's aliases.
|
||||
+The default is
|
||||
+.Dq yes .
|
||||
+.Dq no .
|
||||
.It Cm KexAlgorithms
|
||||
Specifies the available KEX (Key Exchange) algorithms.
|
||||
Multiple algorithms must be comma-separated.
|
||||
@@ -833,6 +837,7 @@ Available keywords are
|
||||
@@ -862,6 +866,7 @@ Available keywords are
|
||||
.Cm HostbasedUsesNameFromPacketOnly ,
|
||||
.Cm KbdInteractiveAuthentication ,
|
||||
.Cm KerberosAuthentication ,
|
||||
@ -154,14 +155,14 @@ diff -up openssh-6.3p1/sshd_config.5.kuserok openssh-6.3p1/sshd_config.5
|
||||
.Cm MaxAuthTries ,
|
||||
.Cm MaxSessions ,
|
||||
.Cm PasswordAuthentication ,
|
||||
diff -up openssh-6.3p1/sshd_config.kuserok openssh-6.3p1/sshd_config
|
||||
--- openssh-6.3p1/sshd_config.kuserok 2013-10-11 21:41:42.898087571 +0200
|
||||
+++ openssh-6.3p1/sshd_config 2013-10-11 21:41:42.907087528 +0200
|
||||
@@ -86,6 +86,7 @@ ChallengeResponseAuthentication no
|
||||
diff -up openssh-6.6p1/sshd_config.kuserok openssh-6.6p1/sshd_config
|
||||
--- openssh-6.6p1/sshd_config.kuserok 2014-05-07 10:35:30.803053804 +0200
|
||||
+++ openssh-6.6p1/sshd_config 2014-05-07 10:38:30.735354431 +0200
|
||||
@@ -87,6 +87,7 @@ ChallengeResponseAuthentication no
|
||||
#KerberosOrLocalPasswd yes
|
||||
#KerberosTicketCleanup yes
|
||||
#KerberosGetAFSToken no
|
||||
+#KerberosUseKuserok yes
|
||||
+#KerberosUseKuserok no
|
||||
|
||||
# GSSAPI options
|
||||
#GSSAPIAuthentication no
|
||||
GSSAPIAuthentication yes
|
Loading…
Reference in New Issue
Block a user