From f3b39bb6cbe1401b0cee6f5fb8efc58ba75d9235 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 26 Feb 2014 17:08:07 +0100 Subject: [PATCH] don't clean up gssapi credentials by default (#1055016) --- openssh-6.1p1-log-usepam-no.patch | 2 +- openssh-6.3p1-gsskex.patch | 2 +- openssh-6.3p1-redhat.patch | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/openssh-6.1p1-log-usepam-no.patch b/openssh-6.1p1-log-usepam-no.patch index 4ed52b1..64cec2c 100644 --- a/openssh-6.1p1-log-usepam-no.patch +++ b/openssh-6.1p1-log-usepam-no.patch @@ -15,7 +15,7 @@ diff -up openssh-6.1p1/sshd.c.log-usepam-no openssh-6.1p1/sshd.c diff -up openssh-6.1p1/sshd_config.log-usepam-no openssh-6.1p1/sshd_config --- openssh-6.1p1/sshd_config.log-usepam-no 2012-09-14 20:54:58.514255748 +0200 +++ openssh-6.1p1/sshd_config 2012-09-14 20:54:58.551255954 +0200 -@@ -95,6 +95,8 @@ GSSAPICleanupCredentials yes +@@ -95,6 +95,8 @@ GSSAPICleanupCredentials no # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. diff --git a/openssh-6.3p1-gsskex.patch b/openssh-6.3p1-gsskex.patch index eefd792..0c54d38 100644 --- a/openssh-6.3p1-gsskex.patch +++ b/openssh-6.3p1-gsskex.patch @@ -2892,7 +2892,7 @@ diff -up openssh-6.3p1/sshd_config.gsskex openssh-6.3p1/sshd_config @@ -92,6 +92,8 @@ ChallengeResponseAuthentication no GSSAPIAuthentication yes #GSSAPICleanupCredentials yes - GSSAPICleanupCredentials yes + GSSAPICleanupCredentials no +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no diff --git a/openssh-6.3p1-redhat.patch b/openssh-6.3p1-redhat.patch index d85244d..98df47d 100644 --- a/openssh-6.3p1-redhat.patch +++ b/openssh-6.3p1-redhat.patch @@ -96,7 +96,7 @@ diff -up openssh-6.3p1/sshd_config.redhat openssh-6.3p1/sshd_config #GSSAPIAuthentication no +GSSAPIAuthentication yes #GSSAPICleanupCredentials yes -+GSSAPICleanupCredentials yes ++GSSAPICleanupCredentials no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will