[openssh] revert the default of KerberosUseKuserok back to yes (#1153076)
Petr Lautrbach
plautrba at fedoraproject.org
Sun Oct 26 21:36:17 UTC 2014
commit 1ba984dcf2d563633b34592df81a381da76cd791
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Fri Oct 24 19:59:55 2014 +0200
revert the default of KerberosUseKuserok back to yes (#1153076)
openssh-6.6p1-kuserok.patch | 58 +++++++++++++++++++++++--------------------
1 files changed, 31 insertions(+), 27 deletions(-)
---
diff --git a/openssh-6.6p1-kuserok.patch b/openssh-6.6p1-kuserok.patch
index d2d07b6..fc545c4 100644
--- a/openssh-6.6p1-kuserok.patch
+++ b/openssh-6.6p1-kuserok.patch
@@ -52,10 +52,11 @@ diff -up openssh-6.6p1/gss-serv-krb5.c.kuserok openssh-6.6p1/gss-serv-krb5.c
retval = 1;
logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
name, (char *)client->displayname.value);
-diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
---- openssh-6.6p1/servconf.c.kuserok 2014-05-07 10:35:30.783053881 +0200
-+++ openssh-6.6p1/servconf.c 2014-05-07 10:39:13.133189061 +0200
-@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions
+diff --git a/servconf.c b/servconf.c
+index 68fb9ef..904c869 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options)
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
@@ -63,12 +64,12 @@ diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
}
void
-@@ -312,6 +313,8 @@ fill_default_server_options(ServerOption
+@@ -312,6 +313,8 @@ fill_default_server_options(ServerOptions *options)
options->version_addendum = xstrdup("");
if (options->show_patchlevel == -1)
options->show_patchlevel = 0;
+ if (options->use_kuserok == -1)
-+ options->use_kuserok = 0;
++ options->use_kuserok = 1;
/* Turn privilege separation on by default */
if (use_privsep == -1)
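Review bot: The fallback `options->use_kuserok = 1` in fill_default_server_options flips an authorization-relevant default, and nothing at the assignment says why or what it enables. With this value, any server that leaves KerberosUseKuserok unset will consult the user's .k5login (going by the sshd_config.5 text later in this patch), so hosts that picked up the interim `no` default presumably change behaviour on update without any config edit. I would add a comment above the two added lines, e.g. `/* default yes: .k5login is consulted for Kerberos/GSSAPI logins; set KerberosUseKuserok no to disable */`, and mention the change of default in the release notes so administrators can pin the value explicitly. The body of fill_default_server_options starts and ends outside this hunk.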
@@ -95,7 +96,7 @@ diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
#endif
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
-@@ -1526,6 +1531,10 @@ process_server_config_line(ServerOptions
+@@ -1526,6 +1531,10 @@ process_server_config_line(ServerOptions *options, char *line,
*activep = value;
break;
@@ -106,7 +107,7 @@ diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
case sPermitOpen:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
-@@ -1811,6 +1820,7 @@ copy_set_server_options(ServerOptions *d
+@@ -1811,6 +1820,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(max_authtries);
M_CP_INTOPT(ip_qos_interactive);
M_CP_INTOPT(ip_qos_bulk);
@@ -122,9 +123,10 @@ diff -up openssh-6.6p1/servconf.c.kuserok openssh-6.6p1/servconf.c
/* string arguments */
dump_cfg_string(sPidFile, o->pid_file);
-diff -up openssh-6.6p1/servconf.h.kuserok openssh-6.6p1/servconf.h
---- openssh-6.6p1/servconf.h.kuserok 2014-05-07 10:35:30.783053881 +0200
-+++ openssh-6.6p1/servconf.h 2014-05-07 10:35:30.802053808 +0200
+diff --git a/servconf.h b/servconf.h
+index 37cfa9b..5117dfa 100644
+--- a/servconf.h
++++ b/servconf.h
@@ -173,6 +173,7 @@ typedef struct {
int num_permitted_opens;
@@ -133,17 +135,30 @@ diff -up openssh-6.6p1/servconf.h.kuserok openssh-6.6p1/servconf.h
char *chroot_directory;
char *revoked_keys_file;
char *trusted_user_ca_keys;
-diff -up openssh-6.6p1/sshd_config.5.kuserok openssh-6.6p1/sshd_config.5
---- openssh-6.6p1/sshd_config.5.kuserok 2014-05-07 10:35:30.786053870 +0200
-+++ openssh-6.6p1/sshd_config.5 2014-05-07 10:43:04.784285016 +0200
-@@ -697,6 +697,10 @@ Specifies whether to automatically destr
+diff --git a/sshd_config b/sshd_config
+index adfd7b1..e772ed5 100644
+--- a/sshd_config
++++ b/sshd_config
+@@ -87,6 +87,7 @@ ChallengeResponseAuthentication no
+ #KerberosOrLocalPasswd yes
+ #KerberosTicketCleanup yes
+ #KerberosGetAFSToken no
++#KerberosUseKuserok yes
+
+ # GSSAPI options
+ GSSAPIAuthentication yes
+diff --git a/sshd_config.5 b/sshd_config.5
+index 1fb002d..e0e5fff 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -697,6 +697,10 @@ Specifies whether to automatically destroy the user's ticket cache
file on logout.
The default is
.Dq yes .
+.It Cm KerberosUseKuserok
+Specifies whether to look at .k5login file for user's aliases.
+The default is
-+.Dq no .
++.Dq yes .
.It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated.
@@ -155,14 +170,3 @@ diff -up openssh-6.6p1/sshd_config.5.kuserok openssh-6.6p1/sshd_config.5
.Cm MaxAuthTries ,
.Cm MaxSessions ,
.Cm PasswordAuthentication ,
-diff -up openssh-6.6p1/sshd_config.kuserok openssh-6.6p1/sshd_config
---- openssh-6.6p1/sshd_config.kuserok 2014-05-07 10:35:30.803053804 +0200
-+++ openssh-6.6p1/sshd_config 2014-05-07 10:38:30.735354431 +0200
-@@ -87,6 +87,7 @@ ChallengeResponseAuthentication no
- #KerberosOrLocalPasswd yes
- #KerberosTicketCleanup yes
- #KerberosGetAFSToken no
-+#KerberosUseKuserok no
-
- # GSSAPI options
- GSSAPIAuthentication yes