Fix typo in GSSAPIProxyS4U2Services

Related: RHEL-92932 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-23 09:34:26 +01:00 · 2026-03-23 09:34:26 +01:00 · 7c2c5a7cd0
commit 7c2c5a7cd0
parent ef90c25403
2 changed files with 6 additions and 4 deletions
--- a/openssh-9.9p1-gssapi-s4u.patch
+++ b/openssh-9.9p1-gssapi-s4u.patch
@ -828,7 +828,7 @@ diff --color -ruNp a/sshd_config.5 b/sshd_config.5
 +.Pp
 +The default is
 +.Cm no .
-+.It Cm GSSAPIS42UProxyServices
+.It Cm GSSAPIProxyS4U2Services
 +Specifies a list of Kerberos service principals for which constrained
 +delegation (S4U2Proxy) tickets should be obtained after a successful
 +S4U2Self protocol transition.
@ -883,14 +883,14 @@ diff --color -ruNp a/sshd-session.c b/sshd-session.c
 		restore_uid();
 	}
 +	/*
-+	 * GSSAPIAllowS4U2Self / GSSAPIS42UProxyServices: if no credentials were stored
+	 * GSSAPIAllowS4U2Self / GSSAPIProxyS4U2Services: if no credentials were stored
 +	 * above (i.e. no GSSAPI auth with delegation occurred), use S4U2Self
 +	 * to obtain an impersonated credential for the user, then optionally
 +	 * follow with S4U2Proxy for configured target services.
 +	 *
 +	 * GSSAPIAllowS4U2Self alone:    store S4U2Self evidence ticket only;
 +	 *                            the host TGT is removed.
-+	 * GSSAPIS42UProxyServices alone: store host TGT and S4U2Proxy service
+	 * GSSAPIProxyS4U2Services alone: store host TGT and S4U2Proxy service
 +	 *                            tickets; the S4U2Self evidence ticket
 +	 *                            is removed.
 +	 * Both:                     store host TGT, S4U2Self evidence ticket,
@ -961,7 +961,7 @@ diff --color -ruNp a/sshd-session.c b/sshd-session.c
 +			 * stay so that applications recognise the ccache as
 +			 * holding live Kerberos credentials.
 +			 * Remove the S4U2Self evidence ticket in proxy-only
-+			 * mode (GSSAPIS42UProxyServices without GSSAPIAllowS4U2Self).
+			 * mode (GSSAPIProxyS4U2Services without GSSAPIAllowS4U2Self).
 +			 */
 +			filter = 0;
 +			if (options.gss_allow_s4u2self &&
--- a/openssh.spec
+++ b/openssh.spec
@ -724,6 +724,8 @@ test -f %{sysconfig_anaconda} && \
  Resolves: RHEL-88565
 - Fix duplicate audit log entry when destroying ed25519 private keys
  Resolves: RHEL-46782
+- Fix typo in GSSAPIProxyS4U2Services
+  Related: RHEL-92932

 * Thu Mar 12 2026 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-22
 - Remove recommendation of p11-kit