if (problem)

	if (problem)

		goto out;

		goto out;

	}

	}

	problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);

	problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);

		    krb5_get_err_text(krb_context, retval));

		    krb5_get_err_text(krb_context, retval));

		return 0;

		return 0;

	}

	}

	krb5_free_principal(krb_context, princ);

	krb5_free_principal(krb_context, princ);

	return retval;

	return retval;

}

}

	options->revoked_keys_file = NULL;

	options->revoked_keys_file = NULL;

	options->trusted_user_ca_keys = NULL;

	options->trusted_user_ca_keys = NULL;

	options->authorized_principals_file = NULL;

	options->authorized_principals_file = NULL;

}

}

void

void

	if (use_privsep == -1)

	if (use_privsep == -1)

		use_privsep = 1;

		use_privsep = 1;

#ifndef HAVE_MMAP

#ifndef HAVE_MMAP

	if (use_privsep && options->compression == 1) {

	if (use_privsep && options->compression == 1) {

		error("This platform does not support both privilege "

		error("This platform does not support both privilege "

	sPermitRootLogin, sLogFacility, sLogLevel,

	sPermitRootLogin, sLogFacility, sLogLevel,

	sRhostsRSAAuthentication, sRSAAuthentication,

	sRhostsRSAAuthentication, sRSAAuthentication,

	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,

	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,

	sKerberosTgtPassing, sChallengeResponseAuthentication,

	sKerberosTgtPassing, sChallengeResponseAuthentication,

	sPasswordAuthentication, sKbdInteractiveAuthentication,

	sPasswordAuthentication, sKbdInteractiveAuthentication,

	sListenAddress, sAddressFamily,

	sListenAddress, sAddressFamily,

#else

#else

	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },

	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },

#endif

#endif

#else

#else

	{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },

	{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },

	{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },

	{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },

	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },

	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },

	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },

	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },

#endif

#endif

	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },

	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },

	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },

	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },

		*activep = value;

		*activep = value;

		break;

		break;

	case sPermitOpen:

	case sPermitOpen:

		arg = strdelim(&cp);

		arg = strdelim(&cp);

		if (!arg || *arg == '\0')

		if (!arg || *arg == '\0')

	M_CP_INTOPT(x11_use_localhost);

	M_CP_INTOPT(x11_use_localhost);

	M_CP_INTOPT(max_sessions);

	M_CP_INTOPT(max_sessions);

	M_CP_INTOPT(max_authtries);

	M_CP_INTOPT(max_authtries);

	M_CP_STROPT(banner);

	M_CP_STROPT(banner);

	if (preauth)

	if (preauth)

	dump_cfg_fmtint(sUseDNS, o->use_dns);

	dump_cfg_fmtint(sUseDNS, o->use_dns);

	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);

	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);

	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);

	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);

	/* string arguments */

	/* string arguments */

	dump_cfg_string(sPidFile, o->pid_file);

	dump_cfg_string(sPidFile, o->pid_file);

	int	num_permitted_opens;

	int	num_permitted_opens;

	char   *chroot_directory;

	char   *chroot_directory;

	char   *revoked_keys_file;

	char   *revoked_keys_file;

	char   *trusted_user_ca_keys;

	char   *trusted_user_ca_keys;

file on logout.

file on logout.

The default is

The default is

.Dq yes .

.Dq yes .

.It Cm KeyRegenerationInterval

.It Cm KeyRegenerationInterval

In protocol version 1, the ephemeral server key is automatically regenerated

In protocol version 1, the ephemeral server key is automatically regenerated

after this many seconds (if it has been used).

after this many seconds (if it has been used).

.Cm HostbasedUsesNameFromPacketOnly ,

.Cm HostbasedUsesNameFromPacketOnly ,

.Cm KbdInteractiveAuthentication ,

.Cm KbdInteractiveAuthentication ,

.Cm KerberosAuthentication ,

.Cm KerberosAuthentication ,

.Cm MaxAuthTries ,

.Cm MaxAuthTries ,

.Cm MaxSessions ,

.Cm MaxSessions ,

.Cm PubkeyAuthentication ,

.Cm PubkeyAuthentication ,

#KerberosOrLocalPasswd yes

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no

#KerberosGetAFSToken no

# GSSAPI options

# GSSAPI options

#GSSAPIAuthentication no

#GSSAPIAuthentication no