rpms/openssh/devel openssh-5.5p1-pka-ldap.patch, 1.3, 1.4 openssh.spec, 1.210, 1.211

Jan F. Chadima jfch2222 at fedoraproject.org
Thu May 13 13:53:17 UTC 2010


Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv30964

Modified Files:
	openssh-5.5p1-pka-ldap.patch openssh.spec 
Log Message:
* Thu May 13 2010 Jan F. Chadima <jchadima at redhat.com> - 5.5p1-9 + 0.9.2-26
- Make the Ldap configuration widely compatible
- create the additional docs for LDAP support.


openssh-5.5p1-pka-ldap.patch:
 Makefile.in                 |   19 +
 README.lpk                  |  274 +++++++++++++++++
 auth2-pubkey.c              |  158 +++++++++-
 config.h.in                 |   94 +++++-
 configure.ac                |  114 +++++++
 ldap-helper.c               |  154 +++++++++
 ldap-helper.h               |   32 ++
 ldapbody.c                  |  494 +++++++++++++++++++++++++++++++
 ldapbody.h                  |   37 ++
 ldapconf.c                  |  682 ++++++++++++++++++++++++++++++++++++++++++++
 ldapconf.h                  |   71 ++++
 ldapincludes.h              |   41 ++
 ldapmisc.c                  |   79 +++++
 ldapmisc.h                  |   35 ++
 lpk-user-example.txt        |  117 +++++++
 openssh-lpk-openldap.schema |   21 +
 openssh-lpk-sun.schema      |   23 +
 servconf.c                  |   28 +
 servconf.h                  |    2 
 ssh-ldap-helper.8           |   79 +++++
 ssh-ldap.conf.5             |  369 +++++++++++++++++++++++
 sshd_config                 |    2 
 sshd_config.0               |   14 
 sshd_config.5               |   13 
 24 files changed, 2927 insertions(+), 25 deletions(-)

Index: openssh-5.5p1-pka-ldap.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-5.5p1-pka-ldap.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- openssh-5.5p1-pka-ldap.patch	6 May 2010 14:01:15 -0000	1.3
+++ openssh-5.5p1-pka-ldap.patch	13 May 2010 13:53:16 -0000	1.4
@@ -1,6 +1,6 @@
 diff -up openssh-5.5p1/auth2-pubkey.c.pka openssh-5.5p1/auth2-pubkey.c
---- openssh-5.5p1/auth2-pubkey.c.pka	2010-05-06 15:49:14.000000000 +0200
-+++ openssh-5.5p1/auth2-pubkey.c	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/auth2-pubkey.c.pka	2010-05-12 21:53:55.000000000 +0200
++++ openssh-5.5p1/auth2-pubkey.c	2010-05-12 21:53:58.000000000 +0200
 @@ -186,27 +186,15 @@ done:
  
  /* return 1 if user allows given key */
@@ -196,7 +196,7 @@ diff -up openssh-5.5p1/auth2-pubkey.c.pk
  	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
 diff -up openssh-5.5p1/config.h.in.pka openssh-5.5p1/config.h.in
 --- openssh-5.5p1/config.h.in.pka	2010-04-16 02:17:09.000000000 +0200
-+++ openssh-5.5p1/config.h.in	2010-05-06 15:49:15.000000000 +0200
++++ openssh-5.5p1/config.h.in	2010-05-12 21:53:58.000000000 +0200
 @@ -1,5 +1,8 @@
  /* config.h.in.  Generated from configure.ac by autoheader.  */
  
@@ -362,8 +362,8 @@ diff -up openssh-5.5p1/config.h.in.pka o
  /* Define if xauth is found in your path */
  #undef XAUTH_PATH
 diff -up openssh-5.5p1/configure.ac.pka openssh-5.5p1/configure.ac
---- openssh-5.5p1/configure.ac.pka	2010-05-06 15:49:14.000000000 +0200
-+++ openssh-5.5p1/configure.ac	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/configure.ac.pka	2010-05-12 21:53:57.000000000 +0200
++++ openssh-5.5p1/configure.ac	2010-05-12 21:53:58.000000000 +0200
 @@ -1346,6 +1346,118 @@ AC_ARG_WITH(audit,
  	esac ]
  )
@@ -493,8 +493,8 @@ diff -up openssh-5.5p1/configure.ac.pka 
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "  Solaris process contract support: $SPC_MSG"
 diff -up openssh-5.5p1/ldapbody.c.pka openssh-5.5p1/ldapbody.c
---- openssh-5.5p1/ldapbody.c.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ldapbody.c	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/ldapbody.c.pka	2010-05-12 21:53:58.000000000 +0200
++++ openssh-5.5p1/ldapbody.c	2010-05-12 21:53:58.000000000 +0200
 @@ -0,0 +1,494 @@
 +/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -991,8 +991,8 @@ diff -up openssh-5.5p1/ldapbody.c.pka op
 +}
 +
 diff -up openssh-5.5p1/ldapbody.h.pka openssh-5.5p1/ldapbody.h
---- openssh-5.5p1/ldapbody.h.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ldapbody.h	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/ldapbody.h.pka	2010-05-12 21:53:58.000000000 +0200
++++ openssh-5.5p1/ldapbody.h	2010-05-12 21:53:58.000000000 +0200
 @@ -0,0 +1,37 @@
 +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1032,9 +1032,9 @@ diff -up openssh-5.5p1/ldapbody.h.pka op
 +#endif /* LDAPBODY_H */
 +
 diff -up openssh-5.5p1/ldapconf.c.pka openssh-5.5p1/ldapconf.c
---- openssh-5.5p1/ldapconf.c.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ldapconf.c	2010-05-06 15:47:43.000000000 +0200
-@@ -0,0 +1,673 @@
+--- openssh-5.5p1/ldapconf.c.pka	2010-05-12 21:53:58.000000000 +0200
++++ openssh-5.5p1/ldapconf.c	2010-05-13 13:32:05.000000000 +0200
+@@ -0,0 +1,682 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
 + * Copyright (c) 2009 Jan F. Chadima.  All rights reserved.
@@ -1076,9 +1076,9 @@ diff -up openssh-5.5p1/ldapconf.c.pka op
 +	lHost, lURI, lBase, lBindDN, lBindPW, lRootBindDN,
 +	lScope, lDeref, lPort, lTimeLimit, lBind_TimeLimit,
 +	lLdap_Version, lBind_Policy, lSSLPath, lSSL, lReferrals,
-+	lRestart, lTLS_CheckPeer, lTLS_Certificate, lTLS_CaCertFile,
++	lRestart, lTLS_CheckPeer, lTLS_CaCertFile,
 +	lTLS_CaCertDir, lTLS_Ciphers, lTLS_Cert, lTLS_Key,
-+	lTLS_RandFile, lLogdir, lDebug, lSSH_Filter,
++	lTLS_RandFile, lLogDir, lDebug, lSSH_Filter,
 +	lDeprecated, lUnsupported
 +} OpCodes;
 +
@@ -1088,18 +1088,25 @@ diff -up openssh-5.5p1/ldapconf.c.pka op
 +	const char *name;
 +	OpCodes opcode;
 +} keywords[] = {
-+	{ "Host", lHost },
 +	{ "URI", lURI },
 +	{ "Base", lBase },
 +	{ "BindDN", lBindDN },
 +	{ "BindPW", lBindPW },
 +	{ "RootBindDN", lRootBindDN },
++	{ "Host", lHost },
++	{ "Port", lPort },
 +	{ "Scope", lScope },
 +	{ "Deref", lDeref },
-+	{ "Port", lPort },
-+	{ "Timelimit", lTimeLimit },
++	{ "TimeLimit", lTimeLimit },
++	{ "TimeOut", lTimeLimit },
 +	{ "Bind_Timelimit", lBind_TimeLimit },
++	{ "Network_TimeOut", lBind_TimeLimit },
++/*
++ * Todo
++ * SIZELIMIT
++ */
 +	{ "Ldap_Version", lLdap_Version },
++	{ "Version", lLdap_Version },
 +	{ "Bind_Policy", lBind_Policy },
 +	{ "SSLPath", lSSLPath },
 +	{ "SSL", lSSL },
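Review bot: The new `{ "TimeOut", lTimeLimit }` entry folds together two settings that OpenLDAP's ldap.conf keeps separate: there TIMELIMIT bounds a search, while TIMEOUT bounds synchronous API calls in general. A configuration file shared with other LDAP clients may carry both lines, and which one ends up in the single field depends on parser code outside this hunk. If the merge is intentional, say so in the table with a comment such as `/* TimeOut is accepted as TimeLimit; OpenLDAP treats them as distinct settings */`, so the compatibility trade-off is visible to whoever later fills in the SIZELIMIT todo. The `keywords[]` table begins and ends outside the hunk.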
@@ -1107,13 +1114,13 @@ diff -up openssh-5.5p1/ldapconf.c.pka op
 +	{ "Restart", lRestart },
 +	{ "TLS_CheckPeer", lTLS_CheckPeer },
 +	{ "TLS_ReqCert", lTLS_CheckPeer },
-+	{ "TLS_Certificate", lTLS_Certificate },
 +	{ "TLS_CaCertFile", lTLS_CaCertFile },
 +	{ "TLS_CaCert", lTLS_CaCertFile },
 +	{ "TLS_CaCertDir", lTLS_CaCertDir },
 +	{ "TLS_Ciphers", lTLS_Ciphers },
 +	{ "TLS_Cipher_Suite", lTLS_Ciphers },
 +	{ "TLS_Cert", lTLS_Cert },
++	{ "TLS_Certificate", lTLS_Cert },
 +	{ "TLS_Key", lTLS_Key },
 +	{ "TLS_RandFile", lTLS_RandFile },
 +/*
@@ -1121,7 +1128,7 @@ diff -up openssh-5.5p1/ldapconf.c.pka op
 + * TLS_CRLCHECK
 + * TLS_CRLFILE
 + */
-+	{ "Logdir", lLogdir },
++	{ "LogDir", lLogDir },
 +	{ "Debug", lDebug },
 +	{ "SSH_Filter", lSSH_Filter },
 +	{ NULL, lBadOption }
@@ -1230,11 +1237,11 @@ diff -up openssh-5.5p1/ldapconf.c.pka op
 +		if (!arg || *arg == '\0')
 +			fatal("%.200s line %d: Missing sub/one/base argument.", filename, linenum);
 +		value = 0;	/* To avoid compiler warning... */
-+		if (!strcasecmp (arg, "sub"))
++		if (strcasecmp (arg, "sub") == 0 || strcasecmp (arg, "subtree") == 0)
 +			value = LDAP_SCOPE_SUBTREE;
-+		else if (!strcasecmp (arg, "one"))
++		else if (strcasecmp (arg, "one") == 0)
 +			value = LDAP_SCOPE_ONELEVEL;
-+		else if (!strcasecmp (arg, "base"))
++		else if (strcasecmp (arg, "base") == 0)
 +			value = LDAP_SCOPE_BASE;
 +		else
 +			fatal("%.200s line %d: Bad sub/one/base argument.", filename, linenum);
@@ -1307,7 +1314,7 @@ diff -up openssh-5.5p1/ldapconf.c.pka op
 +		if (!arg || *arg == '\0')
 +			fatal("%.200s line %d: Missing soft/hard argument.", filename, linenum);
 +		value = 0;	/* To avoid compiler warning... */
-+		if (strcasecmp(arg, "hard") == 0)
++		if (strcasecmp(arg, "hard") == 0 || strcasecmp(arg, "hard_open") == 0 || strcasecmp(arg, "hard_init") == 0)
 +			value = 1;
 +		else if (strcasecmp(arg, "soft") == 0)
 +			value = 0;
@@ -1404,7 +1411,7 @@ diff -up openssh-5.5p1/ldapconf.c.pka op
 +		charptr = &options.tls_randfile;
 +		goto parse_string;
 +
-+	case lLogdir:
++	case lLogDir:
 +		charptr = &options.logdir;
 +		goto parse_string;
 +
@@ -1534,10 +1541,12 @@ diff -up openssh-5.5p1/ldapconf.c.pka op
 +
 +		if (ldap_url_parse(options.uri, &ludp) == LDAP_SUCCESS) {
 +			if (options.ssl == -1) {
-+				if (strcmp (ludp->lud_scheme, "ldap") || strcmp (ludp->lud_scheme, "ldapi"))
-+				    options.ssl = 0;
-+				else if (strcmp (ludp->lud_scheme, "ldaps"))
++				if (strcmp (ludp->lud_scheme, "ldap") == 0)
 +				    options.ssl = 2;
++				if (strcmp (ludp->lud_scheme, "ldapi") == 0)
++				    options.ssl = 0;
++				else if (strcmp (ludp->lud_scheme, "ldaps") == 0)
++				    options.ssl = 1;
 +			}
 +			if (options.host == NULL)
 +			    options.host = xstrdup (ludp->lud_host);
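Review bot: A URI whose scheme is none of `ldap`, `ldapi` or `ldaps` leaves `options.ssl` at -1 after these tests, and the second test is a bare `if` instead of `else if`, so the chain has no single fall-through branch. What -1 means to the connection code is not visible here, so the transport protection for such a URI is effectively undefined. Make it one chain and end it with a branch that fails closed: `else if (strcmp (ludp->lud_scheme, "ldapi") == 0)` for the second test, and a final `else fatal("%.200s: unsupported URI scheme", options.uri);`. The context line `options.host = xstrdup (ludp->lud_host);` probably also wants a NULL check, since a URL without a host part may parse with an empty `lud_host`. The enclosing function starts and ends outside the hunk.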
@@ -1703,14 +1712,14 @@ diff -up openssh-5.5p1/ldapconf.c.pka op
 +	dump_cfg_string(lTLS_Cert, options.tls_cert);
 +	dump_cfg_string(lTLS_Key, options.tls_key);
 +	dump_cfg_string(lTLS_RandFile, options.tls_randfile);
-+	dump_cfg_string(lLogdir, options.logdir);
++	dump_cfg_string(lLogDir, options.logdir);
 +	dump_cfg_int(lDebug, options.debug);
 +	dump_cfg_string(lSSH_Filter, options.ssh_filter);
 +}
 +
 diff -up openssh-5.5p1/ldapconf.h.pka openssh-5.5p1/ldapconf.h
---- openssh-5.5p1/ldapconf.h.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ldapconf.h	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/ldapconf.h.pka	2010-05-12 21:53:58.000000000 +0200
++++ openssh-5.5p1/ldapconf.h	2010-05-12 21:53:58.000000000 +0200
 @@ -0,0 +1,71 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1784,8 +1793,8 @@ diff -up openssh-5.5p1/ldapconf.h.pka op
 +
 +#endif /* LDAPCONF_H */
 diff -up openssh-5.5p1/ldap-helper.c.pka openssh-5.5p1/ldap-helper.c
---- openssh-5.5p1/ldap-helper.c.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ldap-helper.c	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/ldap-helper.c.pka	2010-05-12 21:53:58.000000000 +0200
++++ openssh-5.5p1/ldap-helper.c	2010-05-13 07:33:06.000000000 +0200
 @@ -0,0 +1,154 @@
 +/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1823,7 +1832,7 @@ diff -up openssh-5.5p1/ldap-helper.c.pka
 +
 +static int config_debug = 0;
 +int config_exclusive_config_file = 0;
-+static char *config_file_name = "/etc/ldap.conf";
++static char *config_file_name = "/etc/ssh/ldap.conf";
 +static char *config_single_user = NULL;
 +static int config_verbose = SYSLOG_LEVEL_VERBOSE;
 +int config_warning_config_file = 0;
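Review bot: Nothing here documents or enforces how `/etc/ssh/ldap.conf` must be protected, although the keyword table in ldapconf.c accepts `BindPW`, so this file can hold a directory bind password. Whether the code that opens the file checks its owner and mode is outside the hunk; if it does not, refusing a group- or world-readable file there would be the stronger fix. At minimum add a comment above the default, `/* may contain BindPW: keep readable only by the account that runs ssh-ldap-helper */`, and state the same requirement in ssh-ldap.conf.5. Installations that relied on the old default `/etc/ldap.conf` will no longer have it read unless `-f` is passed, which the changelog entry does not mention.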
@@ -1837,7 +1846,7 @@ diff -up openssh-5.5p1/ldap-helper.c.pka
 +	fprintf(stderr, "Options:\n");
 +	fprintf(stderr, "  -d          Output the log messages to stderr.\n");
 +	fprintf(stderr, "  -e          Check the config file for unknown commands.\n");
-+	fprintf(stderr, "  -f file     Use alternate config file (default is /etc/ldap.conf).\n");
++	fprintf(stderr, "  -f file     Use alternate config file (default is /etc/ssh/ldap.conf).\n");
 +	fprintf(stderr, "  -s user     Do not demonize, send the user's key to stdout.\n");
 +	fprintf(stderr, "  -v          Increase verbosity of the debug output (implies -d).\n");
 +	fprintf(stderr, "  -w          Warn on unknown commands int the config file.\n");
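Review bot: The default path is now spelled out twice as a literal, once in `config_file_name` and once in this usage text, and this commit had to edit both. A single macro used in both places would keep them from drifting, for example `#define DEFAULT_LDAP_CONFIG "/etc/ssh/ldap.conf"` (the name is only a suggestion), with the usage line built by string concatenation. While these strings are being touched, `int the config file` should read `in the config file` and `demonize` should read `daemonize`. The function these lines belong to starts and ends outside the hunk.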
@@ -1942,8 +1951,8 @@ diff -up openssh-5.5p1/ldap-helper.c.pka
 +void    buffer_put_string(Buffer *b, const void *f, u_int l) {}
 +
 diff -up openssh-5.5p1/ldap-helper.h.pka openssh-5.5p1/ldap-helper.h
---- openssh-5.5p1/ldap-helper.h.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ldap-helper.h	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/ldap-helper.h.pka	2010-05-12 21:53:59.000000000 +0200
++++ openssh-5.5p1/ldap-helper.h	2010-05-12 21:53:59.000000000 +0200
 @@ -0,0 +1,32 @@
 +/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1978,8 +1987,8 @@ diff -up openssh-5.5p1/ldap-helper.h.pka
 +
 +#endif /* LDAP_HELPER_H */
 diff -up openssh-5.5p1/ldapincludes.h.pka openssh-5.5p1/ldapincludes.h
---- openssh-5.5p1/ldapincludes.h.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ldapincludes.h	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/ldapincludes.h.pka	2010-05-12 21:53:59.000000000 +0200
++++ openssh-5.5p1/ldapincludes.h	2010-05-12 21:53:59.000000000 +0200
 @@ -0,0 +1,41 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -2023,8 +2032,8 @@ diff -up openssh-5.5p1/ldapincludes.h.pk
 +
 +#endif /* LDAPINCLUDES_H */
 diff -up openssh-5.5p1/ldapmisc.c.pka openssh-5.5p1/ldapmisc.c
---- openssh-5.5p1/ldapmisc.c.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ldapmisc.c	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/ldapmisc.c.pka	2010-05-12 21:53:59.000000000 +0200
++++ openssh-5.5p1/ldapmisc.c	2010-05-12 21:53:59.000000000 +0200
 @@ -0,0 +1,79 @@
 +
 +#include "ldapincludes.h"
@@ -2106,8 +2115,8 @@ diff -up openssh-5.5p1/ldapmisc.c.pka op
 +#endif
 +
 diff -up openssh-5.5p1/ldapmisc.h.pka openssh-5.5p1/ldapmisc.h
---- openssh-5.5p1/ldapmisc.h.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ldapmisc.h	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/ldapmisc.h.pka	2010-05-12 21:53:59.000000000 +0200
++++ openssh-5.5p1/ldapmisc.h	2010-05-12 21:53:59.000000000 +0200
 @@ -0,0 +1,35 @@
 +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -2145,8 +2154,8 @@ diff -up openssh-5.5p1/ldapmisc.h.pka op
 +#endif /* LDAPMISC_H */
 +
 diff -up openssh-5.5p1/lpk-user-example.txt.pka openssh-5.5p1/lpk-user-example.txt
---- openssh-5.5p1/lpk-user-example.txt.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/lpk-user-example.txt	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/lpk-user-example.txt.pka	2010-05-12 21:53:59.000000000 +0200
++++ openssh-5.5p1/lpk-user-example.txt	2010-05-12 21:53:59.000000000 +0200
 @@ -0,0 +1,117 @@
 +
 +Post to ML -> User Made Quick Install Doc.
@@ -2267,7 +2276,7 @@ diff -up openssh-5.5p1/lpk-user-example.
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 diff -up openssh-5.5p1/Makefile.in.pka openssh-5.5p1/Makefile.in
 --- openssh-5.5p1/Makefile.in.pka	2010-03-13 22:41:34.000000000 +0100
-+++ openssh-5.5p1/Makefile.in	2010-05-06 15:49:15.000000000 +0200
++++ openssh-5.5p1/Makefile.in	2010-05-12 21:53:59.000000000 +0200
 @@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
  SFTP_SERVER=$(libexecdir)/sftp-server
  SSH_KEYSIGN=$(libexecdir)/ssh-keysign
@@ -2293,8 +2302,8 @@ diff -up openssh-5.5p1/Makefile.in.pka o
  
 -MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 -MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
-+MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out
-+MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5
++MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
++MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
  MANTYPE		= @MANTYPE@
  
  CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -2318,17 +2327,18 @@ diff -up openssh-5.5p1/Makefile.in.pka o
  	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
  	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
  	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-@@ -285,6 +293,9 @@ install-files:
+@@ -285,6 +293,10 @@ install-files:
  	$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
  	$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
  	$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
 +	if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
 +		$(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
++		$(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
 +	fi
  	-rm -f $(DESTDIR)$(bindir)/slogin
  	ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-@@ -384,6 +395,7 @@ uninstall:
+@@ -384,6 +396,7 @@ uninstall:
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
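Review bot: The `uninstall` target is not updated to match the new install step. `install-files` now installs `ssh-ldap.conf.5` into `$(mansubdir)5`, but the inner hunk header for `uninstall` only shifts from `+395,7` to `+396,7`, so no removal line was added and the page is left behind after uninstall. Add `-rm -f $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5` next to the existing man-page removals. The rest of the `uninstall` target lies outside this hunk.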
@@ -2337,8 +2347,8 @@ diff -up openssh-5.5p1/Makefile.in.pka o
  
  tests interop-tests:	$(TARGETS)
 diff -up openssh-5.5p1/openssh-lpk-openldap.schema.pka openssh-5.5p1/openssh-lpk-openldap.schema
---- openssh-5.5p1/openssh-lpk-openldap.schema.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/openssh-lpk-openldap.schema	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/openssh-lpk-openldap.schema.pka	2010-05-12 21:53:59.000000000 +0200
++++ openssh-5.5p1/openssh-lpk-openldap.schema	2010-05-12 21:53:59.000000000 +0200
 @@ -0,0 +1,21 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2362,8 +2372,8 @@ diff -up openssh-5.5p1/openssh-lpk-openl
 +	MUST ( sshPublicKey $ uid ) 
 +	)
 diff -up openssh-5.5p1/openssh-lpk-sun.schema.pka openssh-5.5p1/openssh-lpk-sun.schema
---- openssh-5.5p1/openssh-lpk-sun.schema.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/openssh-lpk-sun.schema	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/openssh-lpk-sun.schema.pka	2010-05-12 21:53:59.000000000 +0200
++++ openssh-5.5p1/openssh-lpk-sun.schema	2010-05-12 21:53:59.000000000 +0200
 @@ -0,0 +1,23 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2389,9 +2399,9 @@ diff -up openssh-5.5p1/openssh-lpk-sun.s
 +	MUST ( sshPublicKey $ uid ) 
 +	)
 diff -up openssh-5.5p1/README.lpk.pka openssh-5.5p1/README.lpk
---- openssh-5.5p1/README.lpk.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/README.lpk	2010-05-06 15:49:15.000000000 +0200
-@@ -0,0 +1,268 @@
+--- openssh-5.5p1/README.lpk.pka	2010-05-12 21:53:59.000000000 +0200
++++ openssh-5.5p1/README.lpk	2010-05-12 21:53:59.000000000 +0200
+@@ -0,0 +1,274 @@
 +OpenSSH LDAP PUBLIC KEY PATCH 
 +Copyright (c) 2003 Eric AUGE (eau at phear.org)
 +All rights reserved.
@@ -2636,7 +2646,13 @@ diff -up openssh-5.5p1/README.lpk.pka op
 +  I hope this could help, and i hope to be clear enough,, or give ideas.  questions/comments/improvements are welcome.
 +  
 +- TODO :
-+  Redesign differently.
++  Possibility to reuse the ssh-ldap-helper.
++  Tune the LDAP part to all possible LDAP configurations.
++
++- DIFFERENCES FROM ORIGINAL lpk
++  No LDAP code in sshd.
++  Support for various LDAP platforms and configurations.
++  LDAP is configured in separate ldap.conf file.
 +
 +- DOCS/LINK :
 +  http://pacsec.jp/core05/psj05-barisani-en.pdf
@@ -2661,8 +2677,8 @@ diff -up openssh-5.5p1/README.lpk.pka op
 +    Jan F. Chadima <jchadima at redhat.com>
 +
 diff -up openssh-5.5p1/servconf.c.pka openssh-5.5p1/servconf.c
---- openssh-5.5p1/servconf.c.pka	2010-05-06 15:49:13.000000000 +0200
-+++ openssh-5.5p1/servconf.c	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/servconf.c.pka	2010-05-12 21:53:53.000000000 +0200
++++ openssh-5.5p1/servconf.c	2010-05-12 21:53:59.000000000 +0200
 @@ -129,6 +129,8 @@ initialize_server_options(ServerOptions 
  	options->num_permitted_opens = -1;
  	options->adm_forced_command = NULL;
@@ -2734,8 +2750,8 @@ diff -up openssh-5.5p1/servconf.c.pka op
  	/* string arguments requiring a lookup */
  	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
 diff -up openssh-5.5p1/servconf.h.pka openssh-5.5p1/servconf.h
---- openssh-5.5p1/servconf.h.pka	2010-05-06 15:49:13.000000000 +0200
-+++ openssh-5.5p1/servconf.h	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/servconf.h.pka	2010-05-12 21:53:53.000000000 +0200
++++ openssh-5.5p1/servconf.h	2010-05-12 21:54:00.000000000 +0200
 @@ -157,6 +157,8 @@ typedef struct {
  	char   *chroot_directory;
  	char   *revoked_keys_file;
@@ -2746,8 +2762,8 @@ diff -up openssh-5.5p1/servconf.h.pka op
  
  void	 initialize_server_options(ServerOptions *);
 diff -up openssh-5.5p1/sshd_config.0.pka openssh-5.5p1/sshd_config.0
---- openssh-5.5p1/sshd_config.0.pka	2010-05-06 15:49:13.000000000 +0200
-+++ openssh-5.5p1/sshd_config.0	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/sshd_config.0.pka	2010-05-12 21:53:53.000000000 +0200
++++ openssh-5.5p1/sshd_config.0	2010-05-12 21:54:00.000000000 +0200
 @@ -352,7 +352,8 @@ DESCRIPTION
               KbdInteractiveAuthentication, KerberosAuthentication,
               MaxAuthTries, MaxSessions, PasswordAuthentication,
@@ -2777,8 +2793,8 @@ diff -up openssh-5.5p1/sshd_config.0.pka
               Specifies whether rhosts or /etc/hosts.equiv authentication to-
               gether with successful RSA host authentication is allowed.  The
 diff -up openssh-5.5p1/sshd_config.5.pka openssh-5.5p1/sshd_config.5
---- openssh-5.5p1/sshd_config.5.pka	2010-05-06 15:49:13.000000000 +0200
-+++ openssh-5.5p1/sshd_config.5	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/sshd_config.5.pka	2010-05-12 21:53:53.000000000 +0200
++++ openssh-5.5p1/sshd_config.5	2010-05-12 21:54:00.000000000 +0200
 @@ -618,6 +618,9 @@ Available keywords are
  .Cm KerberosAuthentication ,
  .Cm MaxAuthTries ,
@@ -2807,8 +2823,8 @@ diff -up openssh-5.5p1/sshd_config.5.pka
  Specifies whether rhosts or /etc/hosts.equiv authentication together
  with successful RSA host authentication is allowed.
 diff -up openssh-5.5p1/sshd_config.pka openssh-5.5p1/sshd_config
---- openssh-5.5p1/sshd_config.pka	2010-05-06 15:49:13.000000000 +0200
-+++ openssh-5.5p1/sshd_config	2010-05-06 15:49:15.000000000 +0200
+--- openssh-5.5p1/sshd_config.pka	2010-05-12 21:53:53.000000000 +0200
++++ openssh-5.5p1/sshd_config	2010-05-12 21:54:00.000000000 +0200
 @@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV
  #RSAAuthentication yes
  #PubkeyAuthentication yes
@@ -2818,10 +2834,383 @@ diff -up openssh-5.5p1/sshd_config.pka o
  
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  #RhostsRSAAuthentication no
+diff -up openssh-5.5p1/ssh-ldap.conf.5.pka openssh-5.5p1/ssh-ldap.conf.5
+--- openssh-5.5p1/ssh-ldap.conf.5.pka	2010-05-12 21:54:00.000000000 +0200
++++ openssh-5.5p1/ssh-ldap.conf.5	2010-05-13 13:33:27.000000000 +0200
+@@ -0,0 +1,369 @@
++.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
++.\"
++.\" Copyright (c) 2010 Jan F. Chadima.  All rights reserved.
++.\"
++.\" Permission to use, copy, modify, and distribute this software for any
++.\" purpose with or without fee is hereby granted, provided that the above
++.\" copyright notice and this permission notice appear in all copies.
++.\"
++.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++.\"
++.Dd $Mdocdate: may 12 2010 $
++.Dt SSH-LDAP.CONF 5
++.Os
++.Sh NAME
++.Nm ssh-ldap.conf
++.Nd configuration file for ssh-ldap-helper
++.Sh SYNOPSIS
++.Nm /etc/ssh/ldap.conf
++.Sh DESCRIPTION
++.Xr ssh-ldap-helper 8
++reads configuration data from
++.Pa /etc/ssh/ldap.conf
++(or the file specified with
++.Fl f
++on the command line).
++The file contains keyword-argument pairs, one per line.
++Lines starting with
++.Ql #
++and empty lines are interpreted as comments.
++.Pp
++The value starts with the first non-blank character after 
++the keyword's name, and terminates at the end of the line, 
++or at the last sequence of blanks before the end of the line.
++Quoting values that contain blanks 
++may be incorrect, as the quotes would become part of the value.
++The possible keywords and their meanings are as follows (note that
++keywords are case-insensitive and arguments, on a case by case basis, may be case-sensitive).
++.Bl -tag -width Ds
++.It Cm URI
++The argument(s) are in the form
++.Pa ldap[si]://[name[:port]]
++they specifies the URI(s) of an LDAP server(s) to which the
++.Xr ssh-ldap-helper 8 
++should connect. The URI scheme may be any of
++.Dq ldap ,
++.Dq ldaps 
++or
++.Dq ldapi ,
++which refer to LDAP over TCP, LDAP over SSL (TLS) and LDAP
++over IPC (UNIX domain sockets), respectively.
++Each server's name can be specified as a
++domain-style name or an IP address literal.  Optionally, the
++server's name can followed by a ':' and the port number the LDAP
++server is listening on.  If no port number is provided, the default
++port for the scheme is used (389 for ldap://, 636 for ldaps://).
++For LDAP over IPC, name is the name of the socket, and no port
++is required, nor allowed; note that directory separators must be 
++URL-encoded, like any other characters that are special to URLs; 
++A space separated list of URIs may be provided.
++There is no default.
++.It Cm Base
++Specifies the default base DN to use when performing ldap operations.
++The base must be specified as a Distinguished Name in LDAP format.
++There is no default.
++.It Cm BindDN
++Specifies the default bind DN to use when connecting to the ldap server.
++The bind DN must be specified as a Distinguished Name in LDAP format.
++There is no default.
++.It Cm BindPW
++Specifies the default password to use when connecting to the ldap server via
++.Cm BindDN .
++There is no default.
++.It Cm RootBindDN
++Intentionaly does nothing. Recognized for compatibility reasons.
++.It Cm Host
++The argument(s) specifies the name(s) of an LDAP server(s) to which the
++.Xr ssh-ldap-helper 8
++should connect.  Each server's name can be specified as a
++domain-style name or an IP address and optionally followed by a ':' and
++the port number the ldap server is listening on.  A space separated
++list of hosts may be provided.
++There is no default.
++.Cm Host
++is deprecated in favor of
++.Cm URI .
++.It Cm Port
++Specifies the default port used when connecting to LDAP servers(s).
++The port may be specified as a number.
++The default port is 389 for ldap:// or 636 for ldaps:// respectively.
++.Cm Port
++is deprecated in favor of
++.Cm URI .
++.It Cm Scope
++Specifies the starting point of an LDAP search and the depth from the base DN to which the search should occur.
++There are three options (values) that can be assigned to the
++.Cm Scope parameter:
++.Dq base ,
++.Dq one
++and
++.Dq subtree .
++Alias for the subtree is
++.Dq sub .
++The value
++.Dq base
++is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria!).
++The value
++.Dq one
++is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN.
++The value
++.Dq subtree
++is used to indicate searching of all entries at all levels under and including the specified base DN.
++The default is
++.Dq subtree .
++.It Cm Deref
++Specifies how alias dereferencing is done when performing a search. There are four
++possible values that can be assigned to the
++.Cm Deref
++parameter:
++.Dq never ,
++.Dq searching ,
++.Dq finding ,
++and
++.Dq always .
++The value
++.Dq never
++means that the aliases are never dereferenced.
++The value
++.Dq searching
++means that the aliases are dereferenced in subordinates of the base object, but
++not in locating the base object of the search.
++The value
++.Dq finding
++means that the aliases are only dereferenced when locating the base object of the search.
++The value
++.Dq always .
++means that the aliases are dereferenced both in searching and in locating the base object
++of the search.
++The default is
++.Dq never .
++.It Cm TimeLimit
++Specifies a time limit (in seconds) to use when performing searches.
++The number should be a non-negative integer.
++.Cm TimeLimit
++of zero (0) specifies unlimited search time to be used.  Please note that the server
++may still apply any server-side limit on the duration of a search operation.
++The default value is 10.
++.It Cm TimeOut
++Is an aliast to
++.Cm TimeLimit .
++.It Cm Bind_TimeLimit
++Specifies the timeout (in seconds) after which the poll(2)/select(2)
++following a connect(2) returns in case of no activity.
++The default value is 10.
++.It Cm Network_TimeOut
++Is an alias to
++.Cm Bind_TimeLimit .
++.It Cm Ldap_Version
++Specifies what version of the LDAP protocol should be used.
++The allowed values are 2 or 3. The default is 3.
++.It Cm Version
++Is an alias to
++.Cm Ldap_Version .
++.It Cm Bind_Policy
++Specifies the policy to use for reconnecting to an unavailable LDAP server. There are 2 awailable values:
++.Dq hard
++and
++.Dq soft.
++.Dq hard have 2 aliases
++.Dq hard_open
++and
++.Dq hard_init .
++The value
++.Dq hard
++means reconects that the
++Xr ssh-ldap-helper 8
++tries to reconnect to the LDAP server 5 times before failure. There is exponential backoff before retrying.
++The value
++.Dq soft
++means that
++Xr ssh-ldap-helper 8
++fails immediatelly when cannot connect to the LDAP seerver.
++The deault is
++.Dq hard .
++.It Cm SSLPath
++Specifies the path to the X.509 certificate database.
++There is no default.
++.It Cm SSL
++Specifies whether to use SSL/TLS or not.
++There are three alloved values:
++.Dq yes ,
++.Dq no
++and
++.Dq start_tls
++.Dq true
++and
++.Dq on
++are the aliases for
++.Dq yes .
++.Dq false
++and
++.Dq off
++are the aliases for
++.Dq no .
++If start_tls is specified then StartTLS is used rather than raw LDAP over SSL.
++The default is
++.Dq start_tls
++for the ldap://
++.Dq yes
++for the ldaps://
++and
++.Dq no
++for the ldapi:// .
++In case of host based configuration the default is
++.Dq start_tls .
++.It Cm Referrals
++Specifies if the client should automatically follow referrals returned
++by LDAP servers.
++The value can be or
++.Dq yes
++or
++.Dq no .
++.Dq true
++and
++.Dq on
++are the aliases for
++.Dq yes .
++.Dq false
++and
++.Dq off
++are the aliases for
++.Dq no .
++The default is yes.
++.It Cm Restart
++Specifies whether the LDAP client library should restart the select(2) system call when interrupted.
++The value can be or
++.Dq yes
++or
++.Dq no .
++.Dq true
++and
++.Dq on
++are the aliases for
++.Dq yes .
++.Dq false
++and
++.Dq off
++are the aliases for
++.Dq no .
++The default is yes.
++.It Cm TLS_CheckPeer
++Specifies what checks to perform on server certificates in a TLS session,
++if any. The value
++can be specified as one of the following keywords:
++.Dq never ,
++.Dq hard ,
++.Dq demand ,
++.Dq allow
++and
++.Dq try .
++.Dq true ,
++.Dq on
++and
++.Dq yes
++are the aliases for
++.Dq hard .
++.Dq false ,
++.Dq off
++and
++.Dq no
++are the aliases for
++.Dq never .
++The value
++.Dq never
++means that the client will not request or check any server certificate.
++The value
++.Dq allow
++means that the server certificate is requested. If no certificate is provided,
++the session proceeds normally. If a bad certificate is provided, it will
++be ignored and the session proceeds normally.
++The value
++.Dq try
++means that the server certificate is requested. If no certificate is provided,
++the session proceeds normally. If a bad certificate is provided,
++the session is immediately terminated.
++The value
++.Dq demand
++Means that the server certificate is requested. If no
++certificate is provided, or a bad certificate is provided, the session
++is immediately terminated.
++The value
++.Dq hard
++is the same as
++.Dq demand .
++It requires the SSL connection. In the case of the plain conection the
++session is immediately terminated.
++The default is
++.Dq hard .
++.It Cm TLS_ReqCert
++Is an alias for 
++.Cm TLS_CheckPeer .
++.It Cm TLS_CACertFile
++Specifies the file that contains certificates for all of the Certificate
++Authorities the client will recognize.
++There is no default.
++.It Cm TLS_CACert
++Is an alias for
++.Cm TLS_CACertFile .
++.It Cm TLS_CACertDIR
++Specifies the path of a directory that contains Certificate Authority
++certificates in separate individual files. The
++.Cm TLS_CACert
++is always used before
++.Cm TLS_CACertDir .
++The specified directory must be managed with the OpenSSL c_rehash utility.
++There is no default.
++.It Cm TLS_Ciphers
++Specifies acceptable cipher suite and preference order.
++The value should be a cipher specification for OpenSSL,
++e.g.,
++.Dq HIGH:MEDIUM:+SSLv2 .
++The default is
++.Dq ALL .
++.It Cm TLS_Cipher_Suite
++Is an alias for
++.Cm TLS_Ciphers .
++.It Cm TLS_Cert
++Specifies the file that contains the client certificate.
++There is no default.
++.It Cm TLS_Certificate
++Is an alias for
++.Cm TLS_Cert .
++.It Cm TLS_Key
++Specifies the file that contains the private key that matches the certificate
++stored in the
++.Cm TLS_Cert
++file. Currently, the private key must not be protected with a password, so
++it is of critical importance that the key file is protected carefully.
++There is no default.
++.It Cm TLS_RandFile
++Specifies the file to obtain random bits from when /dev/[u]random is
++not available. Generally set to the name of the EGD/PRNGD socket.
++The environment variable RANDFILE can also be used to specify the filename.
++There is no default.
++.It Cm LogDir
++Specifies the directory used for logging by the LDAP client library.
++There is no default.
++.It Cm Debug
++Specifies the debug level used for logging by the LDAP client library.
++There is no default.
++.Sh FILES
++.Bl -tag -width Ds
++.It Pa  /etc/ssh/ldap.conf
++Ldap configuration file for
++.Xr ssh-ldap-helper 8 .
++.Sh "SEE ALSO"
++.Xr ldap.conf 5 ,
++.Xr ssh-ldap-helper 8
++.Sh HISTORY
++.Nm
++first appeared in
++OpenSSH 5.5 + PKA-LDAP .
++.Sh AUTHORS
++.An Jan F. Chadima Aq jchadima at redhat.com
 diff -up openssh-5.5p1/ssh-ldap-helper.8.pka openssh-5.5p1/ssh-ldap-helper.8
---- openssh-5.5p1/ssh-ldap-helper.8.pka	2010-05-06 15:49:15.000000000 +0200
-+++ openssh-5.5p1/ssh-ldap-helper.8	2010-05-06 15:49:15.000000000 +0200
-@@ -0,0 +1,78 @@
+--- openssh-5.5p1/ssh-ldap-helper.8.pka	2010-05-12 21:54:00.000000000 +0200
++++ openssh-5.5p1/ssh-ldap-helper.8	2010-05-13 07:32:13.000000000 +0200
+@@ -0,0 +1,79 @@
 +.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
 +.\"
 +.\" Copyright (c) 2010 Jan F. Chadima.  All rights reserved.
@@ -2878,7 +3267,7 @@ diff -up openssh-5.5p1/ssh-ldap-helper.8
 +.Nm
 +halt when an unknown item is found in the ldap.conf file.
 +.It Fl f
-+Default /etc/ldap.conf.
++Default /etc/ssh/ldap.conf.
 +.Nm
 +uses this file as a ldap configuration file.
 +.It Fl s
@@ -2894,6 +3283,7 @@ diff -up openssh-5.5p1/ssh-ldap-helper.8
 +.Sh SEE ALSO
 +.Xr sshd 8 ,
 +.Xr sshd_config 5 ,
++.Xr ssh_ldap.conf 5 ,
 +.Sh HISTORY
 +.Nm
 +first appeared in


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.210
retrieving revision 1.211
diff -u -p -r1.210 -r1.211
--- openssh.spec	6 May 2010 14:01:16 -0000	1.210
+++ openssh.spec	13 May 2010 13:53:16 -0000	1.211
@@ -70,7 +70,7 @@
 %endif
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
-%define openssh_rel 8
+%define openssh_rel 9
 %define openssh_ver 5.5p1
 %define pam_ssh_agent_rel 26
 %define pam_ssh_agent_ver 0.9.2
@@ -285,22 +285,22 @@ popd
 %endif
 
 %patch20 -p1 -b .pka
-%patch23 -p1 -b .keygen
-%patch24 -p1 -b .fromto-remote
-%patch27 -p1 -b .log-chroot
-%patch30 -p1 -b .exit-deadlock
-%patch35 -p1 -b .progress
-%patch38 -p1 -b .grab-info
-%patch44 -p1 -b .ip-opts
-%patch49 -p1 -b .canohost
-%patch62 -p1 -b .manpage
-%patch65 -p1 -b .fips
-%patch69 -p1 -b .selabel
-%patch71 -p1 -b .edns
-%patch73 -p1 -b .gsskex
-%patch74 -p1 -b .randclean
-%patch76 -p1 -b .staterr
-%patch77 -p1 -b .stderr
+#%patch23 -p1 -b .keygen
+#%patch24 -p1 -b .fromto-remote
+#%patch27 -p1 -b .log-chroot
+#%patch30 -p1 -b .exit-deadlock
+#%patch35 -p1 -b .progress
+#%patch38 -p1 -b .grab-info
+#%patch44 -p1 -b .ip-opts
+#%patch49 -p1 -b .canohost
+#%patch62 -p1 -b .manpage
+#%patch65 -p1 -b .fips
+#%patch69 -p1 -b .selabel
+#%patch71 -p1 -b .edns
+#%patch73 -p1 -b .gsskex
+#%patch74 -p1 -b .randclean
+#%patch76 -p1 -b .staterr
+#%patch77 -p1 -b .stderr
 
 autoreconf
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
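Review bot: The sixteen `%patch` lines from `%patch23 -p1 -b .keygen` through `%patch77 -p1 -b .stderr` are commented out in `%prep`, and neither the log message nor the new `%changelog` entry mentions it, so release 5.5p1-9 would apparently be built without them. Judging only by the backup suffixes, several look security-relevant (`.fips`, `.selabel`, `.gsskex`, `.ip-opts`, `.randclean`), so this reads like a leftover from testing the LDAP patch in isolation rather than an intended change. If it is intended, say so in the changelog and either delete the lines or write them as `#%%patch23 -p1 -b .keygen`, since rpm can still expand `%` constructs inside `#` comments; otherwise restore `%patch23 -p1 -b .keygen` and the fifteen lines after it. The `%prep` section begins and ends outside the hunk.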
@@ -558,6 +558,7 @@ fi
 %doc README.lpk lpk-user-example.txt openssh-lpk-openldap.schema openssh-lpk-sun.schema
 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-helper
 %attr(0644,root,root) %{_mandir}/man8/ssh-ldap-helper.8*
+%attr(0644,root,root) %{_mandir}/man5/ssh-ldap.conf.5*
 %endif
 
 %if ! %{no_gnome_askpass}
@@ -577,6 +578,10 @@ fi
 %endif
 
 %changelog
+* Thu May 13 2010 Jan F. Chadima <jchadima at redhat.com> - 5.5p1-9 + 0.9.2-26
+- Make the Ldap configuration widely compatible
+- create the aditional docs for LDAP support.
+
 * Thu May  6 2010 Jan F. Chadima <jchadima at redhat.com> - 5.5p1-8 + 0.9.2-26
 - Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with pam_ldap (#589360)
 


