- Repair the reference in man ssh-ldap-helper(8)

- Repair the PubkeyAgent section in sshd_config(5)
- Provide example ldap.conf
Jan F. Chadima 2010-05-14 07:44:52 +00:00
parent 86b2d1c41c
commit 8fc96c6b13


@ -1,6 +1,6 @@
diff -up openssh-5.5p1/auth2-pubkey.c.pka openssh-5.5p1/auth2-pubkey.c diff -up openssh-5.5p1/auth2-pubkey.c.pka openssh-5.5p1/auth2-pubkey.c
--- openssh-5.5p1/auth2-pubkey.c.pka 2010-05-12 21:53:55.000000000 +0200 --- openssh-5.5p1/auth2-pubkey.c.pka 2010-05-14 08:19:01.000000000 +0200
+++ openssh-5.5p1/auth2-pubkey.c 2010-05-12 21:53:58.000000000 +0200 +++ openssh-5.5p1/auth2-pubkey.c 2010-05-14 08:19:02.000000000 +0200
@@ -186,27 +186,15 @@ done: @@ -186,27 +186,15 @@ done:
/* return 1 if user allows given key */ /* return 1 if user allows given key */
@ -196,7 +196,7 @@ diff -up openssh-5.5p1/auth2-pubkey.c.pka openssh-5.5p1/auth2-pubkey.c
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key)) if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
diff -up openssh-5.5p1/config.h.in.pka openssh-5.5p1/config.h.in diff -up openssh-5.5p1/config.h.in.pka openssh-5.5p1/config.h.in
--- openssh-5.5p1/config.h.in.pka 2010-04-16 02:17:09.000000000 +0200 --- openssh-5.5p1/config.h.in.pka 2010-04-16 02:17:09.000000000 +0200
+++ openssh-5.5p1/config.h.in 2010-05-12 21:53:58.000000000 +0200 +++ openssh-5.5p1/config.h.in 2010-05-14 08:19:02.000000000 +0200
@@ -1,5 +1,8 @@ @@ -1,5 +1,8 @@
/* config.h.in. Generated from configure.ac by autoheader. */ /* config.h.in. Generated from configure.ac by autoheader. */
@ -362,8 +362,8 @@ diff -up openssh-5.5p1/config.h.in.pka openssh-5.5p1/config.h.in
/* Define if xauth is found in your path */ /* Define if xauth is found in your path */
#undef XAUTH_PATH #undef XAUTH_PATH
diff -up openssh-5.5p1/configure.ac.pka openssh-5.5p1/configure.ac diff -up openssh-5.5p1/configure.ac.pka openssh-5.5p1/configure.ac
--- openssh-5.5p1/configure.ac.pka 2010-05-12 21:53:57.000000000 +0200 --- openssh-5.5p1/configure.ac.pka 2010-05-14 08:19:01.000000000 +0200
+++ openssh-5.5p1/configure.ac 2010-05-12 21:53:58.000000000 +0200 +++ openssh-5.5p1/configure.ac 2010-05-14 08:19:02.000000000 +0200
@@ -1346,6 +1346,118 @@ AC_ARG_WITH(audit, @@ -1346,6 +1346,118 @@ AC_ARG_WITH(audit,
esac ] esac ]
) )
@ -493,8 +493,8 @@ diff -up openssh-5.5p1/configure.ac.pka openssh-5.5p1/configure.ac
echo " libedit support: $LIBEDIT_MSG" echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG" echo " Solaris process contract support: $SPC_MSG"
diff -up openssh-5.5p1/ldapbody.c.pka openssh-5.5p1/ldapbody.c diff -up openssh-5.5p1/ldapbody.c.pka openssh-5.5p1/ldapbody.c
--- openssh-5.5p1/ldapbody.c.pka 2010-05-12 21:53:58.000000000 +0200 --- openssh-5.5p1/ldapbody.c.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ldapbody.c 2010-05-12 21:53:58.000000000 +0200 +++ openssh-5.5p1/ldapbody.c 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,494 @@ @@ -0,0 +1,494 @@
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -991,8 +991,8 @@ diff -up openssh-5.5p1/ldapbody.c.pka openssh-5.5p1/ldapbody.c
+} +}
+ +
diff -up openssh-5.5p1/ldapbody.h.pka openssh-5.5p1/ldapbody.h diff -up openssh-5.5p1/ldapbody.h.pka openssh-5.5p1/ldapbody.h
--- openssh-5.5p1/ldapbody.h.pka 2010-05-12 21:53:58.000000000 +0200 --- openssh-5.5p1/ldapbody.h.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ldapbody.h 2010-05-12 21:53:58.000000000 +0200 +++ openssh-5.5p1/ldapbody.h 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,37 @@ @@ -0,0 +1,37 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -1032,8 +1032,8 @@ diff -up openssh-5.5p1/ldapbody.h.pka openssh-5.5p1/ldapbody.h
+#endif /* LDAPBODY_H */ +#endif /* LDAPBODY_H */
+ +
diff -up openssh-5.5p1/ldapconf.c.pka openssh-5.5p1/ldapconf.c diff -up openssh-5.5p1/ldapconf.c.pka openssh-5.5p1/ldapconf.c
--- openssh-5.5p1/ldapconf.c.pka 2010-05-12 21:53:58.000000000 +0200 --- openssh-5.5p1/ldapconf.c.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ldapconf.c 2010-05-13 13:32:05.000000000 +0200 +++ openssh-5.5p1/ldapconf.c 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,682 @@ @@ -0,0 +1,682 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -1718,8 +1718,8 @@ diff -up openssh-5.5p1/ldapconf.c.pka openssh-5.5p1/ldapconf.c
+} +}
+ +
diff -up openssh-5.5p1/ldapconf.h.pka openssh-5.5p1/ldapconf.h diff -up openssh-5.5p1/ldapconf.h.pka openssh-5.5p1/ldapconf.h
--- openssh-5.5p1/ldapconf.h.pka 2010-05-12 21:53:58.000000000 +0200 --- openssh-5.5p1/ldapconf.h.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ldapconf.h 2010-05-12 21:53:58.000000000 +0200 +++ openssh-5.5p1/ldapconf.h 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,71 @@ @@ -0,0 +1,71 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -1792,9 +1792,101 @@ diff -up openssh-5.5p1/ldapconf.h.pka openssh-5.5p1/ldapconf.h
+void dump_config(void); +void dump_config(void);
+ +
+#endif /* LDAPCONF_H */ +#endif /* LDAPCONF_H */
diff -up openssh-5.5p1/ldap.conf.pka openssh-5.5p1/ldap.conf
--- openssh-5.5p1/ldap.conf.pka 2010-05-14 08:31:43.000000000 +0200
+++ openssh-5.5p1/ldap.conf 2010-05-14 08:47:57.000000000 +0200
@@ -0,0 +1,88 @@
+# $Id: ldap.conf,v 1.0 2010/03/13 21:41:34 jfch Exp $
+#
+# This is the example configuration file for the OpenSSH
+# LDAP backend
+#
+# see ssh-ldap.conf(5)
+#
+
+# URI with your LDAP server name. This allows to use
+# Unix Domain Sockets to connect to a local LDAP Server.
+#uri ldap://127.0.0.1/
+#uri ldaps://127.0.0.1/
+#uri ldapi://%2fvar%2frun%2fldapi_sock/
+# Note: %2f encodes the '/' used as directory separator
+
+# Another way to specify your LDAP server is to provide an
+# host name and the port of our LDAP server. Host name
+# must be resolvable without using LDAP.
+# Multiple hosts may be specified, each separated by a
+# space. How long nss_ldap takes to failover depends on
+# whether your LDAP client library supports configurable
+# network or connect timeouts (see bind_timelimit).
+#host 127.0.0.1
+
+# The port.
+# Optional: default is 389.
+#port 389
+
+# The distinguished name to bind to the server with.
+# Optional: default is to bind anonymously.
+#binddn cn=openssh_keys,dc=example,dc=org
+
+# The credentials to bind with.
+# Optional: default is no credential.
+#bindpw TopSecret
+
+# The distinguished name of the search base.
+#base dc=example,dc=org
+
+# The LDAP version to use (defaults to 3
+# if supported by client library)
+#ldap_version 3
+
+# The search scope.
+#scope sub
+#scope one
+#scope base
+
+# Search timelimit
+#timelimit 30
+
+# Bind/connect timelimit
+#bind_timelimit 30
+
+# Reconnect policy: hard (default) will retry connecting to
+# the software with exponential backoff, soft will fail
+# immediately.
+#bind_policy hard
+
+# SSL setup, may be implied by URI also.
+#ssl no
+#ssl on
+#ssl start_tls
+
+# OpenLDAP SSL options
+# Require and verify server certificate (yes/no)
+# Default is to use libldap's default behavior, which can be configured in
+# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
+# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
+#tls_checkpeer hard
+
+# CA certificates for server certificate verification
+# At least one of these are required if tls_checkpeer is "yes"
+#tls_cacertfile /etc/ssl/ca.cert
+#tls_cacertdir /etc/pki/tls/certs
+
+# Seed the PRNG if /dev/urandom is not provided
+#tls_randfile /var/run/egd-pool
+
+# SSL cipher suite
+# See man ciphers for syntax
+#tls_ciphers TLSv1
+
+# Client certificate and key
+# Use these, if your server requires client authentication.
+#tls_cert
+#tls_key
+
diff -up openssh-5.5p1/ldap-helper.c.pka openssh-5.5p1/ldap-helper.c diff -up openssh-5.5p1/ldap-helper.c.pka openssh-5.5p1/ldap-helper.c
--- openssh-5.5p1/ldap-helper.c.pka 2010-05-12 21:53:58.000000000 +0200 --- openssh-5.5p1/ldap-helper.c.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ldap-helper.c 2010-05-13 07:33:06.000000000 +0200 +++ openssh-5.5p1/ldap-helper.c 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,154 @@ @@ -0,0 +1,154 @@
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -1951,8 +2043,8 @@ diff -up openssh-5.5p1/ldap-helper.c.pka openssh-5.5p1/ldap-helper.c
+void buffer_put_string(Buffer *b, const void *f, u_int l) {} +void buffer_put_string(Buffer *b, const void *f, u_int l) {}
+ +
diff -up openssh-5.5p1/ldap-helper.h.pka openssh-5.5p1/ldap-helper.h diff -up openssh-5.5p1/ldap-helper.h.pka openssh-5.5p1/ldap-helper.h
--- openssh-5.5p1/ldap-helper.h.pka 2010-05-12 21:53:59.000000000 +0200 --- openssh-5.5p1/ldap-helper.h.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ldap-helper.h 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/ldap-helper.h 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,32 @@ @@ -0,0 +1,32 @@
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -1987,8 +2079,8 @@ diff -up openssh-5.5p1/ldap-helper.h.pka openssh-5.5p1/ldap-helper.h
+ +
+#endif /* LDAP_HELPER_H */ +#endif /* LDAP_HELPER_H */
diff -up openssh-5.5p1/ldapincludes.h.pka openssh-5.5p1/ldapincludes.h diff -up openssh-5.5p1/ldapincludes.h.pka openssh-5.5p1/ldapincludes.h
--- openssh-5.5p1/ldapincludes.h.pka 2010-05-12 21:53:59.000000000 +0200 --- openssh-5.5p1/ldapincludes.h.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ldapincludes.h 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/ldapincludes.h 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,41 @@ @@ -0,0 +1,41 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -2032,8 +2124,8 @@ diff -up openssh-5.5p1/ldapincludes.h.pka openssh-5.5p1/ldapincludes.h
+ +
+#endif /* LDAPINCLUDES_H */ +#endif /* LDAPINCLUDES_H */
diff -up openssh-5.5p1/ldapmisc.c.pka openssh-5.5p1/ldapmisc.c diff -up openssh-5.5p1/ldapmisc.c.pka openssh-5.5p1/ldapmisc.c
--- openssh-5.5p1/ldapmisc.c.pka 2010-05-12 21:53:59.000000000 +0200 --- openssh-5.5p1/ldapmisc.c.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ldapmisc.c 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/ldapmisc.c 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,79 @@ @@ -0,0 +1,79 @@
+ +
+#include "ldapincludes.h" +#include "ldapincludes.h"
@ -2115,8 +2207,8 @@ diff -up openssh-5.5p1/ldapmisc.c.pka openssh-5.5p1/ldapmisc.c
+#endif +#endif
+ +
diff -up openssh-5.5p1/ldapmisc.h.pka openssh-5.5p1/ldapmisc.h diff -up openssh-5.5p1/ldapmisc.h.pka openssh-5.5p1/ldapmisc.h
--- openssh-5.5p1/ldapmisc.h.pka 2010-05-12 21:53:59.000000000 +0200 --- openssh-5.5p1/ldapmisc.h.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ldapmisc.h 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/ldapmisc.h 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,35 @@ @@ -0,0 +1,35 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -2154,8 +2246,8 @@ diff -up openssh-5.5p1/ldapmisc.h.pka openssh-5.5p1/ldapmisc.h
+#endif /* LDAPMISC_H */ +#endif /* LDAPMISC_H */
+ +
diff -up openssh-5.5p1/lpk-user-example.txt.pka openssh-5.5p1/lpk-user-example.txt diff -up openssh-5.5p1/lpk-user-example.txt.pka openssh-5.5p1/lpk-user-example.txt
--- openssh-5.5p1/lpk-user-example.txt.pka 2010-05-12 21:53:59.000000000 +0200 --- openssh-5.5p1/lpk-user-example.txt.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/lpk-user-example.txt 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/lpk-user-example.txt 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,117 @@ @@ -0,0 +1,117 @@
+ +
+Post to ML -> User Made Quick Install Doc. +Post to ML -> User Made Quick Install Doc.
@ -2276,7 +2368,7 @@ diff -up openssh-5.5p1/lpk-user-example.txt.pka openssh-5.5p1/lpk-user-example.t
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff -up openssh-5.5p1/Makefile.in.pka openssh-5.5p1/Makefile.in diff -up openssh-5.5p1/Makefile.in.pka openssh-5.5p1/Makefile.in
--- openssh-5.5p1/Makefile.in.pka 2010-03-13 22:41:34.000000000 +0100 --- openssh-5.5p1/Makefile.in.pka 2010-03-13 22:41:34.000000000 +0100
+++ openssh-5.5p1/Makefile.in 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/Makefile.in 2010-05-14 08:51:17.000000000 +0200
@@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas @@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
SFTP_SERVER=$(libexecdir)/sftp-server SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_KEYSIGN=$(libexecdir)/ssh-keysign
@ -2338,7 +2430,21 @@ diff -up openssh-5.5p1/Makefile.in.pka openssh-5.5p1/Makefile.in
-rm -f $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(bindir)/slogin
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
@@ -384,6 +396,7 @@ uninstall: @@ -321,6 +333,13 @@ install-sysconf:
else \
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
fi
+ if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
+ if [ ! -f $(DESTDIR)$(sysconfdir)/ldap.conf ]; then \
+ $(INSTALL) -m 644 ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf; \
+ else \
+ echo "$(DESTDIR)$(sysconfdir)/ldap.conf already exists, install will not overwrite"; \
+ fi ; \
+ fi
host-key: ssh-keygen$(EXEEXT)
@if [ -z "$(DESTDIR)" ] ; then \
@@ -384,6 +403,7 @@ uninstall:
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@ -2347,8 +2453,8 @@ diff -up openssh-5.5p1/Makefile.in.pka openssh-5.5p1/Makefile.in
tests interop-tests: $(TARGETS) tests interop-tests: $(TARGETS)
diff -up openssh-5.5p1/openssh-lpk-openldap.schema.pka openssh-5.5p1/openssh-lpk-openldap.schema diff -up openssh-5.5p1/openssh-lpk-openldap.schema.pka openssh-5.5p1/openssh-lpk-openldap.schema
--- openssh-5.5p1/openssh-lpk-openldap.schema.pka 2010-05-12 21:53:59.000000000 +0200 --- openssh-5.5p1/openssh-lpk-openldap.schema.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/openssh-lpk-openldap.schema 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/openssh-lpk-openldap.schema 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,21 @@ @@ -0,0 +1,21 @@
+# +#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@ -2372,8 +2478,8 @@ diff -up openssh-5.5p1/openssh-lpk-openldap.schema.pka openssh-5.5p1/openssh-lpk
+ MUST ( sshPublicKey $ uid ) + MUST ( sshPublicKey $ uid )
+ ) + )
diff -up openssh-5.5p1/openssh-lpk-sun.schema.pka openssh-5.5p1/openssh-lpk-sun.schema diff -up openssh-5.5p1/openssh-lpk-sun.schema.pka openssh-5.5p1/openssh-lpk-sun.schema
--- openssh-5.5p1/openssh-lpk-sun.schema.pka 2010-05-12 21:53:59.000000000 +0200 --- openssh-5.5p1/openssh-lpk-sun.schema.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/openssh-lpk-sun.schema 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/openssh-lpk-sun.schema 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,23 @@ @@ -0,0 +1,23 @@
+# +#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@ -2399,8 +2505,8 @@ diff -up openssh-5.5p1/openssh-lpk-sun.schema.pka openssh-5.5p1/openssh-lpk-sun.
+ MUST ( sshPublicKey $ uid ) + MUST ( sshPublicKey $ uid )
+ ) + )
diff -up openssh-5.5p1/README.lpk.pka openssh-5.5p1/README.lpk diff -up openssh-5.5p1/README.lpk.pka openssh-5.5p1/README.lpk
--- openssh-5.5p1/README.lpk.pka 2010-05-12 21:53:59.000000000 +0200 --- openssh-5.5p1/README.lpk.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/README.lpk 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/README.lpk 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,274 @@ @@ -0,0 +1,274 @@
+OpenSSH LDAP PUBLIC KEY PATCH +OpenSSH LDAP PUBLIC KEY PATCH
+Copyright (c) 2003 Eric AUGE (eau@phear.org) +Copyright (c) 2003 Eric AUGE (eau@phear.org)
@ -2677,8 +2783,8 @@ diff -up openssh-5.5p1/README.lpk.pka openssh-5.5p1/README.lpk
+ Jan F. Chadima <jchadima@redhat.com> + Jan F. Chadima <jchadima@redhat.com>
+ +
diff -up openssh-5.5p1/servconf.c.pka openssh-5.5p1/servconf.c diff -up openssh-5.5p1/servconf.c.pka openssh-5.5p1/servconf.c
--- openssh-5.5p1/servconf.c.pka 2010-05-12 21:53:53.000000000 +0200 --- openssh-5.5p1/servconf.c.pka 2010-05-14 08:18:59.000000000 +0200
+++ openssh-5.5p1/servconf.c 2010-05-12 21:53:59.000000000 +0200 +++ openssh-5.5p1/servconf.c 2010-05-14 08:19:02.000000000 +0200
@@ -129,6 +129,8 @@ initialize_server_options(ServerOptions @@ -129,6 +129,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1; options->num_permitted_opens = -1;
options->adm_forced_command = NULL; options->adm_forced_command = NULL;
@ -2750,8 +2856,8 @@ diff -up openssh-5.5p1/servconf.c.pka openssh-5.5p1/servconf.c
/* string arguments requiring a lookup */ /* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level)); dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff -up openssh-5.5p1/servconf.h.pka openssh-5.5p1/servconf.h diff -up openssh-5.5p1/servconf.h.pka openssh-5.5p1/servconf.h
--- openssh-5.5p1/servconf.h.pka 2010-05-12 21:53:53.000000000 +0200 --- openssh-5.5p1/servconf.h.pka 2010-05-14 08:18:59.000000000 +0200
+++ openssh-5.5p1/servconf.h 2010-05-12 21:54:00.000000000 +0200 +++ openssh-5.5p1/servconf.h 2010-05-14 08:19:02.000000000 +0200
@@ -157,6 +157,8 @@ typedef struct { @@ -157,6 +157,8 @@ typedef struct {
char *chroot_directory; char *chroot_directory;
char *revoked_keys_file; char *revoked_keys_file;
@ -2762,8 +2868,8 @@ diff -up openssh-5.5p1/servconf.h.pka openssh-5.5p1/servconf.h
void initialize_server_options(ServerOptions *); void initialize_server_options(ServerOptions *);
diff -up openssh-5.5p1/sshd_config.0.pka openssh-5.5p1/sshd_config.0 diff -up openssh-5.5p1/sshd_config.0.pka openssh-5.5p1/sshd_config.0
--- openssh-5.5p1/sshd_config.0.pka 2010-05-12 21:53:53.000000000 +0200 --- openssh-5.5p1/sshd_config.0.pka 2010-05-14 08:18:59.000000000 +0200
+++ openssh-5.5p1/sshd_config.0 2010-05-12 21:54:00.000000000 +0200 +++ openssh-5.5p1/sshd_config.0 2010-05-14 08:19:02.000000000 +0200
@@ -352,7 +352,8 @@ DESCRIPTION @@ -352,7 +352,8 @@ DESCRIPTION
KbdInteractiveAuthentication, KerberosAuthentication, KbdInteractiveAuthentication, KerberosAuthentication,
MaxAuthTries, MaxSessions, PasswordAuthentication, MaxAuthTries, MaxSessions, PasswordAuthentication,
@ -2793,38 +2899,37 @@ diff -up openssh-5.5p1/sshd_config.0.pka openssh-5.5p1/sshd_config.0
Specifies whether rhosts or /etc/hosts.equiv authentication to- Specifies whether rhosts or /etc/hosts.equiv authentication to-
gether with successful RSA host authentication is allowed. The gether with successful RSA host authentication is allowed. The
diff -up openssh-5.5p1/sshd_config.5.pka openssh-5.5p1/sshd_config.5 diff -up openssh-5.5p1/sshd_config.5.pka openssh-5.5p1/sshd_config.5
--- openssh-5.5p1/sshd_config.5.pka 2010-05-12 21:53:53.000000000 +0200 --- openssh-5.5p1/sshd_config.5.pka 2010-05-14 08:18:59.000000000 +0200
+++ openssh-5.5p1/sshd_config.5 2010-05-12 21:54:00.000000000 +0200 +++ openssh-5.5p1/sshd_config.5 2010-05-14 08:31:23.000000000 +0200
@@ -618,6 +618,9 @@ Available keywords are @@ -623,6 +623,8 @@ Available keywords are
.Cm KerberosAuthentication , .Cm PermitOpen ,
.Cm MaxAuthTries , .Cm PermitRootLogin ,
.Cm MaxSessions , .Cm PubkeyAuthentication ,
+.Cm PubkeyAuthentication ,
+.Cm PubkeyAgent , +.Cm PubkeyAgent ,
+.Cm PubkeyAgentRunAs , +.Cm PubkeyAgentRunAs ,
.Cm PasswordAuthentication , .Cm RhostsRSAAuthentication ,
.Cm PermitEmptyPasswords , .Cm RSAAuthentication ,
.Cm PermitOpen , .Cm X11DisplayOffset ,
@@ -819,6 +822,16 @@ Specifies a list of revoked public keys. @@ -819,6 +821,16 @@ Specifies a list of revoked public keys.
Keys listed in this file will be refused for public key authentication. Keys listed in this file will be refused for public key authentication.
Note that if this file is not readable, then public key authentication will Note that if this file is not readable, then public key authentication will
be refused for all users. be refused for all users.
++.It Cm PubkeyAgent +.It Cm PubkeyAgent
++Specifies which agent is used for lookup of the user's public +Specifies which agent is used for lookup of the user's public
++keys. Empty string means to use the authorized_keys file. +keys. Empty string means to use the authorized_keys file.
++By default there is no PubkeyAgent set. +By default there is no PubkeyAgent set.
++Note that this option has an effect only with PubkeyAuthentication +Note that this option has an effect only with PubkeyAuthentication
++switched on. +switched on.
++.It Cm PubkeyAgentRunAs +.It Cm PubkeyAgentRunAs
++Specifies the user under whose account the PubkeyAgent is run. Empty +Specifies the user under whose account the PubkeyAgent is run. Empty
++string (the default value) means the user being authorized is used. +string (the default value) means the user being authorized is used.
++.Dq +.Dq
.It Cm RhostsRSAAuthentication .It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed. with successful RSA host authentication is allowed.
diff -up openssh-5.5p1/sshd_config.pka openssh-5.5p1/sshd_config diff -up openssh-5.5p1/sshd_config.pka openssh-5.5p1/sshd_config
--- openssh-5.5p1/sshd_config.pka 2010-05-12 21:53:53.000000000 +0200 --- openssh-5.5p1/sshd_config.pka 2010-05-14 08:18:59.000000000 +0200
+++ openssh-5.5p1/sshd_config 2010-05-12 21:54:00.000000000 +0200 +++ openssh-5.5p1/sshd_config 2010-05-14 08:19:02.000000000 +0200
@@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV @@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV
#RSAAuthentication yes #RSAAuthentication yes
#PubkeyAuthentication yes #PubkeyAuthentication yes
@ -2835,8 +2940,8 @@ diff -up openssh-5.5p1/sshd_config.pka openssh-5.5p1/sshd_config
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no #RhostsRSAAuthentication no
diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5 diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
--- openssh-5.5p1/ssh-ldap.conf.5.pka 2010-05-12 21:54:00.000000000 +0200 --- openssh-5.5p1/ssh-ldap.conf.5.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ssh-ldap.conf.5 2010-05-13 13:33:27.000000000 +0200 +++ openssh-5.5p1/ssh-ldap.conf.5 2010-05-14 08:19:02.000000000 +0200
@@ -0,0 +1,369 @@ @@ -0,0 +1,369 @@
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $ +.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\" +.\"
@ -3208,8 +3313,8 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+.Sh AUTHORS +.Sh AUTHORS
+.An Jan F. Chadima Aq jchadima@redhat.com +.An Jan F. Chadima Aq jchadima@redhat.com
diff -up openssh-5.5p1/ssh-ldap-helper.8.pka openssh-5.5p1/ssh-ldap-helper.8 diff -up openssh-5.5p1/ssh-ldap-helper.8.pka openssh-5.5p1/ssh-ldap-helper.8
--- openssh-5.5p1/ssh-ldap-helper.8.pka 2010-05-12 21:54:00.000000000 +0200 --- openssh-5.5p1/ssh-ldap-helper.8.pka 2010-05-14 08:19:02.000000000 +0200
+++ openssh-5.5p1/ssh-ldap-helper.8 2010-05-13 07:32:13.000000000 +0200 +++ openssh-5.5p1/ssh-ldap-helper.8 2010-05-14 08:20:39.000000000 +0200
@@ -0,0 +1,79 @@ @@ -0,0 +1,79 @@
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $ +.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\" +.\"
@ -3283,7 +3388,7 @@ diff -up openssh-5.5p1/ssh-ldap-helper.8.pka openssh-5.5p1/ssh-ldap-helper.8
+.Sh SEE ALSO +.Sh SEE ALSO
+.Xr sshd 8 , +.Xr sshd 8 ,
+.Xr sshd_config 5 , +.Xr sshd_config 5 ,
+.Xr ssh_ldap.conf 5 , +.Xr ssh-ldap.conf 5 ,
+.Sh HISTORY +.Sh HISTORY
+.Nm +.Nm
+first appeared in +first appeared in
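Review bot: The `install-sysconf` lines added to Makefile.in install `ldap.conf` with `-m 644`, while the example file added in this same commit offers a `bindpw` setting, so a bind password an administrator later fills in would be readable by every local account. A tighter mode such as `$(INSTALL) -m 600 ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf; \` would fit, but only if the helper runs under the account that owns the file. The sshd_config.5 text says an empty PubkeyAgentRunAs runs the agent as the user being authorized, so this would probably need a dedicated PubkeyAgentRunAs account; how the helper opens the file is not visible on this page. At the least, the `bindpw` comment in ldap.conf could carry a line such as `# If set, make sure this file is not readable by other users.` Separately, the `tls_checkpeer` comment advertises (yes/no) while the sample value is `hard`; aligning the two would stop an administrator who uncomments the line from ending up with a certificate check they did not intend.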