- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)

Jan F. Chadima 2010-05-20 07:02:32 +00:00
parent 99d9a391f4
commit b1a625a446
2 changed files with 90 additions and 86 deletions


@ -1,6 +1,6 @@
diff -up openssh-5.5p1/auth2-pubkey.c.pka openssh-5.5p1/auth2-pubkey.c diff -up openssh-5.5p1/auth2-pubkey.c.pka openssh-5.5p1/auth2-pubkey.c
--- openssh-5.5p1/auth2-pubkey.c.pka 2010-05-14 08:19:01.000000000 +0200 --- openssh-5.5p1/auth2-pubkey.c.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/auth2-pubkey.c 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/auth2-pubkey.c 2010-05-20 07:11:47.000000000 +0200
@@ -186,27 +186,15 @@ done: @@ -186,27 +186,15 @@ done:
/* return 1 if user allows given key */ /* return 1 if user allows given key */
@ -196,7 +196,7 @@ diff -up openssh-5.5p1/auth2-pubkey.c.pka openssh-5.5p1/auth2-pubkey.c
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key)) if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
diff -up openssh-5.5p1/config.h.in.pka openssh-5.5p1/config.h.in diff -up openssh-5.5p1/config.h.in.pka openssh-5.5p1/config.h.in
--- openssh-5.5p1/config.h.in.pka 2010-04-16 02:17:09.000000000 +0200 --- openssh-5.5p1/config.h.in.pka 2010-04-16 02:17:09.000000000 +0200
+++ openssh-5.5p1/config.h.in 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/config.h.in 2010-05-20 07:11:47.000000000 +0200
@@ -1,5 +1,8 @@ @@ -1,5 +1,8 @@
/* config.h.in. Generated from configure.ac by autoheader. */ /* config.h.in. Generated from configure.ac by autoheader. */
@ -362,8 +362,8 @@ diff -up openssh-5.5p1/config.h.in.pka openssh-5.5p1/config.h.in
/* Define if xauth is found in your path */ /* Define if xauth is found in your path */
#undef XAUTH_PATH #undef XAUTH_PATH
diff -up openssh-5.5p1/configure.ac.pka openssh-5.5p1/configure.ac diff -up openssh-5.5p1/configure.ac.pka openssh-5.5p1/configure.ac
--- openssh-5.5p1/configure.ac.pka 2010-05-14 08:19:01.000000000 +0200 --- openssh-5.5p1/configure.ac.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/configure.ac 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/configure.ac 2010-05-20 07:11:47.000000000 +0200
@@ -1346,6 +1346,118 @@ AC_ARG_WITH(audit, @@ -1346,6 +1346,118 @@ AC_ARG_WITH(audit,
esac ] esac ]
) )
@ -493,8 +493,8 @@ diff -up openssh-5.5p1/configure.ac.pka openssh-5.5p1/configure.ac
echo " libedit support: $LIBEDIT_MSG" echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG" echo " Solaris process contract support: $SPC_MSG"
diff -up openssh-5.5p1/ldapbody.c.pka openssh-5.5p1/ldapbody.c diff -up openssh-5.5p1/ldapbody.c.pka openssh-5.5p1/ldapbody.c
--- openssh-5.5p1/ldapbody.c.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ldapbody.c.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldapbody.c 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ldapbody.c 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,494 @@ @@ -0,0 +1,494 @@
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -991,8 +991,8 @@ diff -up openssh-5.5p1/ldapbody.c.pka openssh-5.5p1/ldapbody.c
+} +}
+ +
diff -up openssh-5.5p1/ldapbody.h.pka openssh-5.5p1/ldapbody.h diff -up openssh-5.5p1/ldapbody.h.pka openssh-5.5p1/ldapbody.h
--- openssh-5.5p1/ldapbody.h.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ldapbody.h.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldapbody.h 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ldapbody.h 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,37 @@ @@ -0,0 +1,37 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -1032,8 +1032,8 @@ diff -up openssh-5.5p1/ldapbody.h.pka openssh-5.5p1/ldapbody.h
+#endif /* LDAPBODY_H */ +#endif /* LDAPBODY_H */
+ +
diff -up openssh-5.5p1/ldapconf.c.pka openssh-5.5p1/ldapconf.c diff -up openssh-5.5p1/ldapconf.c.pka openssh-5.5p1/ldapconf.c
--- openssh-5.5p1/ldapconf.c.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ldapconf.c.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldapconf.c 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ldapconf.c 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,682 @@ @@ -0,0 +1,682 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -1718,8 +1718,8 @@ diff -up openssh-5.5p1/ldapconf.c.pka openssh-5.5p1/ldapconf.c
+} +}
+ +
diff -up openssh-5.5p1/ldapconf.h.pka openssh-5.5p1/ldapconf.h diff -up openssh-5.5p1/ldapconf.h.pka openssh-5.5p1/ldapconf.h
--- openssh-5.5p1/ldapconf.h.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ldapconf.h.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldapconf.h 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ldapconf.h 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,71 @@ @@ -0,0 +1,71 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -1793,8 +1793,8 @@ diff -up openssh-5.5p1/ldapconf.h.pka openssh-5.5p1/ldapconf.h
+ +
+#endif /* LDAPCONF_H */ +#endif /* LDAPCONF_H */
diff -up openssh-5.5p1/ldap.conf.pka openssh-5.5p1/ldap.conf diff -up openssh-5.5p1/ldap.conf.pka openssh-5.5p1/ldap.conf
--- openssh-5.5p1/ldap.conf.pka 2010-05-14 08:31:43.000000000 +0200 --- openssh-5.5p1/ldap.conf.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldap.conf 2010-05-14 08:47:57.000000000 +0200 +++ openssh-5.5p1/ldap.conf 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,88 @@ @@ -0,0 +1,88 @@
+# $Id: ldap.conf,v 1.0 2010/03/13 21:41:34 jfch Exp $ +# $Id: ldap.conf,v 1.0 2010/03/13 21:41:34 jfch Exp $
+# +#
@ -1885,8 +1885,8 @@ diff -up openssh-5.5p1/ldap.conf.pka openssh-5.5p1/ldap.conf
+#tls_key +#tls_key
+ +
diff -up openssh-5.5p1/ldap-helper.c.pka openssh-5.5p1/ldap-helper.c diff -up openssh-5.5p1/ldap-helper.c.pka openssh-5.5p1/ldap-helper.c
--- openssh-5.5p1/ldap-helper.c.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ldap-helper.c.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldap-helper.c 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ldap-helper.c 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,154 @@ @@ -0,0 +1,154 @@
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -2043,8 +2043,8 @@ diff -up openssh-5.5p1/ldap-helper.c.pka openssh-5.5p1/ldap-helper.c
+void buffer_put_string(Buffer *b, const void *f, u_int l) {} +void buffer_put_string(Buffer *b, const void *f, u_int l) {}
+ +
diff -up openssh-5.5p1/ldap-helper.h.pka openssh-5.5p1/ldap-helper.h diff -up openssh-5.5p1/ldap-helper.h.pka openssh-5.5p1/ldap-helper.h
--- openssh-5.5p1/ldap-helper.h.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ldap-helper.h.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldap-helper.h 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ldap-helper.h 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,32 @@ @@ -0,0 +1,32 @@
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -2079,8 +2079,8 @@ diff -up openssh-5.5p1/ldap-helper.h.pka openssh-5.5p1/ldap-helper.h
+ +
+#endif /* LDAP_HELPER_H */ +#endif /* LDAP_HELPER_H */
diff -up openssh-5.5p1/ldapincludes.h.pka openssh-5.5p1/ldapincludes.h diff -up openssh-5.5p1/ldapincludes.h.pka openssh-5.5p1/ldapincludes.h
--- openssh-5.5p1/ldapincludes.h.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ldapincludes.h.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldapincludes.h 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ldapincludes.h 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,41 @@ @@ -0,0 +1,41 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -2124,8 +2124,8 @@ diff -up openssh-5.5p1/ldapincludes.h.pka openssh-5.5p1/ldapincludes.h
+ +
+#endif /* LDAPINCLUDES_H */ +#endif /* LDAPINCLUDES_H */
diff -up openssh-5.5p1/ldapmisc.c.pka openssh-5.5p1/ldapmisc.c diff -up openssh-5.5p1/ldapmisc.c.pka openssh-5.5p1/ldapmisc.c
--- openssh-5.5p1/ldapmisc.c.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ldapmisc.c.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldapmisc.c 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ldapmisc.c 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,79 @@ @@ -0,0 +1,79 @@
+ +
+#include "ldapincludes.h" +#include "ldapincludes.h"
@ -2207,8 +2207,8 @@ diff -up openssh-5.5p1/ldapmisc.c.pka openssh-5.5p1/ldapmisc.c
+#endif +#endif
+ +
diff -up openssh-5.5p1/ldapmisc.h.pka openssh-5.5p1/ldapmisc.h diff -up openssh-5.5p1/ldapmisc.h.pka openssh-5.5p1/ldapmisc.h
--- openssh-5.5p1/ldapmisc.h.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ldapmisc.h.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/ldapmisc.h 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ldapmisc.h 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,35 @@ @@ -0,0 +1,35 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
@ -2246,8 +2246,8 @@ diff -up openssh-5.5p1/ldapmisc.h.pka openssh-5.5p1/ldapmisc.h
+#endif /* LDAPMISC_H */ +#endif /* LDAPMISC_H */
+ +
diff -up openssh-5.5p1/lpk-user-example.txt.pka openssh-5.5p1/lpk-user-example.txt diff -up openssh-5.5p1/lpk-user-example.txt.pka openssh-5.5p1/lpk-user-example.txt
--- openssh-5.5p1/lpk-user-example.txt.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/lpk-user-example.txt.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/lpk-user-example.txt 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/lpk-user-example.txt 2010-05-20 07:11:47.000000000 +0200
@@ -0,0 +1,117 @@ @@ -0,0 +1,117 @@
+ +
+Post to ML -> User Made Quick Install Doc. +Post to ML -> User Made Quick Install Doc.
@ -2368,7 +2368,7 @@ diff -up openssh-5.5p1/lpk-user-example.txt.pka openssh-5.5p1/lpk-user-example.t
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff -up openssh-5.5p1/Makefile.in.pka openssh-5.5p1/Makefile.in diff -up openssh-5.5p1/Makefile.in.pka openssh-5.5p1/Makefile.in
--- openssh-5.5p1/Makefile.in.pka 2010-03-13 22:41:34.000000000 +0100 --- openssh-5.5p1/Makefile.in.pka 2010-03-13 22:41:34.000000000 +0100
+++ openssh-5.5p1/Makefile.in 2010-05-14 08:51:17.000000000 +0200 +++ openssh-5.5p1/Makefile.in 2010-05-20 07:11:48.000000000 +0200
@@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas @@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
SFTP_SERVER=$(libexecdir)/sftp-server SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_KEYSIGN=$(libexecdir)/ssh-keysign
@ -2453,8 +2453,8 @@ diff -up openssh-5.5p1/Makefile.in.pka openssh-5.5p1/Makefile.in
tests interop-tests: $(TARGETS) tests interop-tests: $(TARGETS)
diff -up openssh-5.5p1/openssh-lpk-openldap.schema.pka openssh-5.5p1/openssh-lpk-openldap.schema diff -up openssh-5.5p1/openssh-lpk-openldap.schema.pka openssh-5.5p1/openssh-lpk-openldap.schema
--- openssh-5.5p1/openssh-lpk-openldap.schema.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/openssh-lpk-openldap.schema.pka 2010-05-20 07:11:48.000000000 +0200
+++ openssh-5.5p1/openssh-lpk-openldap.schema 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/openssh-lpk-openldap.schema 2010-05-20 07:11:48.000000000 +0200
@@ -0,0 +1,21 @@ @@ -0,0 +1,21 @@
+# +#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@ -2478,8 +2478,8 @@ diff -up openssh-5.5p1/openssh-lpk-openldap.schema.pka openssh-5.5p1/openssh-lpk
+ MUST ( sshPublicKey $ uid ) + MUST ( sshPublicKey $ uid )
+ ) + )
diff -up openssh-5.5p1/openssh-lpk-sun.schema.pka openssh-5.5p1/openssh-lpk-sun.schema diff -up openssh-5.5p1/openssh-lpk-sun.schema.pka openssh-5.5p1/openssh-lpk-sun.schema
--- openssh-5.5p1/openssh-lpk-sun.schema.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/openssh-lpk-sun.schema.pka 2010-05-20 07:11:48.000000000 +0200
+++ openssh-5.5p1/openssh-lpk-sun.schema 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/openssh-lpk-sun.schema 2010-05-20 07:11:48.000000000 +0200
@@ -0,0 +1,23 @@ @@ -0,0 +1,23 @@
+# +#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@ -2505,8 +2505,8 @@ diff -up openssh-5.5p1/openssh-lpk-sun.schema.pka openssh-5.5p1/openssh-lpk-sun.
+ MUST ( sshPublicKey $ uid ) + MUST ( sshPublicKey $ uid )
+ ) + )
diff -up openssh-5.5p1/README.lpk.pka openssh-5.5p1/README.lpk diff -up openssh-5.5p1/README.lpk.pka openssh-5.5p1/README.lpk
--- openssh-5.5p1/README.lpk.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/README.lpk.pka 2010-05-20 07:11:48.000000000 +0200
+++ openssh-5.5p1/README.lpk 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/README.lpk 2010-05-20 07:11:48.000000000 +0200
@@ -0,0 +1,274 @@ @@ -0,0 +1,274 @@
+OpenSSH LDAP PUBLIC KEY PATCH +OpenSSH LDAP PUBLIC KEY PATCH
+Copyright (c) 2003 Eric AUGE (eau@phear.org) +Copyright (c) 2003 Eric AUGE (eau@phear.org)
@ -2783,8 +2783,8 @@ diff -up openssh-5.5p1/README.lpk.pka openssh-5.5p1/README.lpk
+ Jan F. Chadima <jchadima@redhat.com> + Jan F. Chadima <jchadima@redhat.com>
+ +
diff -up openssh-5.5p1/servconf.c.pka openssh-5.5p1/servconf.c diff -up openssh-5.5p1/servconf.c.pka openssh-5.5p1/servconf.c
--- openssh-5.5p1/servconf.c.pka 2010-05-14 08:18:59.000000000 +0200 --- openssh-5.5p1/servconf.c.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/servconf.c 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/servconf.c 2010-05-20 07:11:48.000000000 +0200
@@ -129,6 +129,8 @@ initialize_server_options(ServerOptions @@ -129,6 +129,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1; options->num_permitted_opens = -1;
options->adm_forced_command = NULL; options->adm_forced_command = NULL;
@ -2856,8 +2856,8 @@ diff -up openssh-5.5p1/servconf.c.pka openssh-5.5p1/servconf.c
/* string arguments requiring a lookup */ /* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level)); dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff -up openssh-5.5p1/servconf.h.pka openssh-5.5p1/servconf.h diff -up openssh-5.5p1/servconf.h.pka openssh-5.5p1/servconf.h
--- openssh-5.5p1/servconf.h.pka 2010-05-14 08:18:59.000000000 +0200 --- openssh-5.5p1/servconf.h.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/servconf.h 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/servconf.h 2010-05-20 07:11:48.000000000 +0200
@@ -157,6 +157,8 @@ typedef struct { @@ -157,6 +157,8 @@ typedef struct {
char *chroot_directory; char *chroot_directory;
char *revoked_keys_file; char *revoked_keys_file;
@ -2868,8 +2868,8 @@ diff -up openssh-5.5p1/servconf.h.pka openssh-5.5p1/servconf.h
void initialize_server_options(ServerOptions *); void initialize_server_options(ServerOptions *);
diff -up openssh-5.5p1/sshd_config.0.pka openssh-5.5p1/sshd_config.0 diff -up openssh-5.5p1/sshd_config.0.pka openssh-5.5p1/sshd_config.0
--- openssh-5.5p1/sshd_config.0.pka 2010-05-14 08:18:59.000000000 +0200 --- openssh-5.5p1/sshd_config.0.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/sshd_config.0 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/sshd_config.0 2010-05-20 07:11:48.000000000 +0200
@@ -352,7 +352,8 @@ DESCRIPTION @@ -352,7 +352,8 @@ DESCRIPTION
KbdInteractiveAuthentication, KerberosAuthentication, KbdInteractiveAuthentication, KerberosAuthentication,
MaxAuthTries, MaxSessions, PasswordAuthentication, MaxAuthTries, MaxSessions, PasswordAuthentication,
@ -2899,8 +2899,8 @@ diff -up openssh-5.5p1/sshd_config.0.pka openssh-5.5p1/sshd_config.0
Specifies whether rhosts or /etc/hosts.equiv authentication to- Specifies whether rhosts or /etc/hosts.equiv authentication to-
gether with successful RSA host authentication is allowed. The gether with successful RSA host authentication is allowed. The
diff -up openssh-5.5p1/sshd_config.5.pka openssh-5.5p1/sshd_config.5 diff -up openssh-5.5p1/sshd_config.5.pka openssh-5.5p1/sshd_config.5
--- openssh-5.5p1/sshd_config.5.pka 2010-05-14 08:18:59.000000000 +0200 --- openssh-5.5p1/sshd_config.5.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/sshd_config.5 2010-05-14 08:31:23.000000000 +0200 +++ openssh-5.5p1/sshd_config.5 2010-05-20 07:11:48.000000000 +0200
@@ -623,6 +623,8 @@ Available keywords are @@ -623,6 +623,8 @@ Available keywords are
.Cm PermitOpen , .Cm PermitOpen ,
.Cm PermitRootLogin , .Cm PermitRootLogin ,
@ -2928,8 +2928,8 @@ diff -up openssh-5.5p1/sshd_config.5.pka openssh-5.5p1/sshd_config.5
Specifies whether rhosts or /etc/hosts.equiv authentication together Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed. with successful RSA host authentication is allowed.
diff -up openssh-5.5p1/sshd_config.pka openssh-5.5p1/sshd_config diff -up openssh-5.5p1/sshd_config.pka openssh-5.5p1/sshd_config
--- openssh-5.5p1/sshd_config.pka 2010-05-14 08:18:59.000000000 +0200 --- openssh-5.5p1/sshd_config.pka 2010-05-20 07:11:47.000000000 +0200
+++ openssh-5.5p1/sshd_config 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/sshd_config 2010-05-20 07:11:48.000000000 +0200
@@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV @@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV
#RSAAuthentication yes #RSAAuthentication yes
#PubkeyAuthentication yes #PubkeyAuthentication yes
@ -2940,9 +2940,9 @@ diff -up openssh-5.5p1/sshd_config.pka openssh-5.5p1/sshd_config
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no #RhostsRSAAuthentication no
diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5 diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
--- openssh-5.5p1/ssh-ldap.conf.5.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ssh-ldap.conf.5.pka 2010-05-20 07:11:48.000000000 +0200
+++ openssh-5.5p1/ssh-ldap.conf.5 2010-05-14 08:19:02.000000000 +0200 +++ openssh-5.5p1/ssh-ldap.conf.5 2010-05-20 08:22:10.000000000 +0200
@@ -0,0 +1,371 @@ @@ -0,0 +1,373 @@
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $ +.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\" +.\"
+.\" Copyright (c) 2010 Jan F. Chadima. All rights reserved. +.\" Copyright (c) 2010 Jan F. Chadima. All rights reserved.
@ -2985,11 +2985,11 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+Quoting values that contain blanks +Quoting values that contain blanks
+may be incorrect, as the quotes would become part of the value. +may be incorrect, as the quotes would become part of the value.
+The possible keywords and their meanings are as follows (note that +The possible keywords and their meanings are as follows (note that
+keywords are case-insensitive and arguments, on a case by case basis, may be case-sensitive). +keywords are case-insensitive, and arguments, on a case by case basis, may be case-sensitive).
+.It Cm URI +.It Cm URI
+The argument(s) are in the form +The argument(s) are in the form
+.Pa ldap[si]://[name[:port]] +.Pa ldap[si]://[name[:port]]
+they specifies the URI(s) of an LDAP server(s) to which the +and specify the URI(s) of an LDAP server(s) to which the
+.Xr ssh-ldap-helper 8 +.Xr ssh-ldap-helper 8
+should connect. The URI scheme may be any of +should connect. The URI scheme may be any of
+.Dq ldap , +.Dq ldap ,
@ -3009,11 +3009,11 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+A space separated list of URIs may be provided. +A space separated list of URIs may be provided.
+There is no default. +There is no default.
+.It Cm Base +.It Cm Base
+Specifies the default base DN to use when performing ldap operations. +Specifies the default base Distinguished Name (DN) to use when performing ldap operations.
+The base must be specified as a Distinguished Name in LDAP format. +The base must be specified as a DN in LDAP format.
+There is no default. +There is no default.
+.It Cm BindDN +.It Cm BindDN
+Specifies the default bind DN to use when connecting to the ldap server. +Specifies the default BIND DN to use when connecting to the ldap server.
+The bind DN must be specified as a Distinguished Name in LDAP format. +The bind DN must be specified as a Distinguished Name in LDAP format.
+There is no default. +There is no default.
+.It Cm BindPW +.It Cm BindPW
@ -3027,7 +3027,7 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+.Xr ssh-ldap-helper 8 +.Xr ssh-ldap-helper 8
+should connect. Each server's name can be specified as a +should connect. Each server's name can be specified as a
+domain-style name or an IP address and optionally followed by a ':' and +domain-style name or an IP address and optionally followed by a ':' and
+the port number the ldap server is listening on. A space separated +the port number the ldap server is listening on. A space-separated
+list of hosts may be provided. +list of hosts may be provided.
+There is no default. +There is no default.
+.Cm Host +.Cm Host
@ -3041,7 +3041,7 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+is deprecated in favor of +is deprecated in favor of
+.Cm URI . +.Cm URI .
+.It Cm Scope +.It Cm Scope
+Specifies the starting point of an LDAP search and the depth from the base DN to which the search should occur. +Specifies the starting point of an LDAP search and the depth from the base DN to which the search should descend.
+There are three options (values) that can be assigned to the +There are three options (values) that can be assigned to the
+.Cm Scope parameter: +.Cm Scope parameter:
+.Dq base , +.Dq base ,
@ -3055,7 +3055,7 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria!). +is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria!).
+The value +The value
+.Dq one +.Dq one
+is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN. +is used to indicate searching all entries one level under the base DN, but not including the base DN and not including any entries under that one level under the base DN.
+The value +The value
+.Dq subtree +.Dq subtree
+is used to indicate searching of all entries at all levels under and including the specified base DN. +is used to indicate searching of all entries at all levels under and including the specified base DN.
@ -3082,16 +3082,16 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+.Dq finding +.Dq finding
+means that the aliases are only dereferenced when locating the base object of the search. +means that the aliases are only dereferenced when locating the base object of the search.
+The value +The value
+.Dq always . +.Dq always
+means that the aliases are dereferenced both in searching and in locating the base object +means that the aliases are dereferenced both in searching and in locating the base object
+of the search. +of the search.
+The default is +The default is
+.Dq never . +.Dq never .
+.It Cm TimeLimit +.It Cm TimeLimit
+Specifies a time limit (in seconds) to use when performing searches. +Specifies a time limit (in seconds) to use when performing searches.
+The number should be a non-negative integer. +The number should be a non-negative integer. A
+.Cm TimeLimit +.Cm TimeLimit
+of zero (0) specifies unlimited search time to be used. Please note that the server +of zero (0) specifies that the search time is unlimited. Please note that the server
+may still apply any server-side limit on the duration of a search operation. +may still apply any server-side limit on the duration of a search operation.
+The default value is 10. +The default value is 10.
+.It Cm TimeOut +.It Cm TimeOut
@ -3111,24 +3111,24 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+Is an alias to +Is an alias to
+.Cm Ldap_Version . +.Cm Ldap_Version .
+.It Cm Bind_Policy +.It Cm Bind_Policy
+Specifies the policy to use for reconnecting to an unavailable LDAP server. There are 2 awailable values: +Specifies the policy to use for reconnecting to an unavailable LDAP server. There are 2 available values:
+.Dq hard +.Dq hard
+and +and
+.Dq soft. +.Dq soft.
+.Dq hard have 2 aliases +.Dq hard has 2 aliases
+.Dq hard_open +.Dq hard_open
+and +and
+.Dq hard_init . +.Dq hard_init .
+The value +The value
+.Dq hard +.Dq hard
+means reconects that the +means that reconects that the
+Xr ssh-ldap-helper 8 +.Xr ssh-ldap-helper 8
+tries to reconnect to the LDAP server 5 times before failure. There is exponential backoff before retrying. +tries to reconnect to the LDAP server 5 times before failure. There is exponential backoff before retrying.
+The value +The value
+.Dq soft +.Dq soft
+means that +means that
+Xr ssh-ldap-helper 8 +.Xr ssh-ldap-helper 8
+fails immediatelly when cannot connect to the LDAP seerver. +fails immediately when it cannot connect to the LDAP seerver.
+The deault is +The deault is
+.Dq hard . +.Dq hard .
+.It Cm SSLPath +.It Cm SSLPath
@ -3136,11 +3136,12 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+There is no default. +There is no default.
+.It Cm SSL +.It Cm SSL
+Specifies whether to use SSL/TLS or not. +Specifies whether to use SSL/TLS or not.
+There are three alloved values: +There are three allowed values:
+.Dq yes , +.Dq yes ,
+.Dq no +.Dq no
+and +and
+.Dq start_tls +.Dq start_tls
+Both
+.Dq true +.Dq true
+and +and
+.Dq on +.Dq on
@ -3151,12 +3152,13 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+.Dq off +.Dq off
+are the aliases for +are the aliases for
+.Dq no . +.Dq no .
+If start_tls is specified then StartTLS is used rather than raw LDAP over SSL. +If
+The default is +.Dqstart_tls
+.Dq start_tls +is specified then StartTLS is used rather than raw LDAP over SSL.
+for the ldap:// +The default for ldap:// is
+.Dq start_tls ,
+for ldaps://
+.Dq yes +.Dq yes
+for the ldaps://
+and +and
+.Dq no +.Dq no
+for the ldapi:// . +for the ldapi:// .
@ -3211,7 +3213,7 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+.Dq on +.Dq on
+and +and
+.Dq yes +.Dq yes
+are the aliases for +are aliases for
+.Dq hard . +.Dq hard .
+.Dq false , +.Dq false ,
+.Dq off +.Dq off
@ -3234,14 +3236,14 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+the session is immediately terminated. +the session is immediately terminated.
+The value +The value
+.Dq demand +.Dq demand
+Means that the server certificate is requested. If no +means that the server certificate is requested. If no
+certificate is provided, or a bad certificate is provided, the session +certificate is provided, or a bad certificate is provided, the session
+is immediately terminated. +is immediately terminated.
+The value +The value
+.Dq hard +.Dq hard
+is the same as +is the same as
+.Dq demand . +.Dq demand .
+It requires the SSL connection. In the case of the plain conection the +It requires an SSL connection. In the case of the plain conection the
+session is immediately terminated. +session is immediately terminated.
+The default is +The default is
+.Dq hard . +.Dq hard .
@ -3315,9 +3317,9 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+.Sh AUTHORS +.Sh AUTHORS
+.An Jan F. Chadima Aq jchadima@redhat.com +.An Jan F. Chadima Aq jchadima@redhat.com
diff -up openssh-5.5p1/ssh-ldap-helper.8.pka openssh-5.5p1/ssh-ldap-helper.8 diff -up openssh-5.5p1/ssh-ldap-helper.8.pka openssh-5.5p1/ssh-ldap-helper.8
--- openssh-5.5p1/ssh-ldap-helper.8.pka 2010-05-14 08:19:02.000000000 +0200 --- openssh-5.5p1/ssh-ldap-helper.8.pka 2010-05-20 07:11:48.000000000 +0200
+++ openssh-5.5p1/ssh-ldap-helper.8 2010-05-14 08:20:39.000000000 +0200 +++ openssh-5.5p1/ssh-ldap-helper.8 2010-05-20 07:21:14.000000000 +0200
@@ -0,0 +1,79 @@ @@ -0,0 +1,78 @@
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $ +.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\" +.\"
+.\" Copyright (c) 2010 Jan F. Chadima. All rights reserved. +.\" Copyright (c) 2010 Jan F. Chadima. All rights reserved.
@ -3349,7 +3351,7 @@ diff -up openssh-5.5p1/ssh-ldap-helper.8.pka openssh-5.5p1/ssh-ldap-helper.8
+.Nm +.Nm
+is used by +is used by
+.Xr sshd 1 +.Xr sshd 1
+to access keys provided by a LDAP. +to access keys provided by an LDAP.
+.Nm +.Nm
+is disabled by default and can only be enabled in the +is disabled by default and can only be enabled in the
+sshd configuration file +sshd configuration file
@ -3366,26 +3368,25 @@ diff -up openssh-5.5p1/ssh-ldap-helper.8.pka openssh-5.5p1/ssh-ldap-helper.8
+The options are as follows: +The options are as follows:
+.Bl -tag -width Ds +.Bl -tag -width Ds
+.It Fl d +.It Fl d
+Set the debug mode, +Set the debug mode;
+.Nm +.Nm
+prints all logs to stderr instead of syslog. +prints all logs to stderr instead of syslog.
+.It Fl e +.It Fl e
+Implies \-w +Implies \-w;
+.Nm +.Nm
+halt when an unknown item is found in the ldap.conf file. +halts if it encounters an unknown item in the ldap.conf file.
+.It Fl f +.It Fl f
+Default /etc/ssh/ldap.conf.
+.Nm +.Nm
+uses this file as a ldap configuration file. +uses this file as the ldap configuration file instead of /etc/ssh/ldap.conf (default).
+.It Fl s +.It Fl s
+.Nm +.Nm
+print out the keys of the user on stdout and exits. +prints out the user's keys to stdout and exits.
+.It Fl v +.It Fl v
+Implies \-d +Implies \-d;
+increases verbosity. +increases verbosity.
+.It Fl w +.It Fl w
+.Nm +.Nm
+writes warnings about unknown items in the ldap.conf file. +writes warnings about unknown items in the ldap.conf configuration file.
+ +
+.Sh SEE ALSO +.Sh SEE ALSO
+.Xr sshd 8 , +.Xr sshd 8 ,
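Review bot: The rewritten SSL paragraph of ssh-ldap.conf.5 (hunk at -3151,12 +3152,13) adds `.Dqstart_tls` with no space after the macro name, so mdoc will not treat it as a `.Dq` request and the keyword will not render as intended; it should be `.Dq start_tls`. In the hunk just before it, the allowed-values list runs `.Dq start_tls` straight into the new `Both` line, so that sentence needs its closing period, `.Dq start_tls .`. The Bind_Policy text on the new side still reads `means that reconects that the`, and `seerver`, `deault` and `conection` survive this typo pass. This page is the reference administrators use when choosing the SSL and server-certificate settings for LDAP key lookups, so these are worth fixing in the same commit. The old/new assignment here is read from the rendered line pairs and the hunk line counts, so confirm it against the raw patch.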


@ -70,7 +70,7 @@
%endif %endif
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_rel 10 %define openssh_rel 11
%define openssh_ver 5.5p1 %define openssh_ver 5.5p1
%define pam_ssh_agent_rel 26 %define pam_ssh_agent_rel 26
%define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_ver 0.9.2
@ -579,6 +579,9 @@ fi
%endif %endif
%changelog %changelog
* Thu May 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-11 + 0.9.2-26
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
* Fri May 14 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-10 + 0.9.2-26 * Fri May 14 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-10 + 0.9.2-26
- Repair the reference in man ssh-ldap-helper(8) - Repair the reference in man ssh-ldap-helper(8)
- Repair the PubkeyAgent section in sshd_config(5) - Repair the PubkeyAgent section in sshd_config(5)