Bugzilla – Attachment 642 Details for
Bug 688
PAM modules relying on module-private data (pam_dhkeys, pam_krb5, AFS) fail
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Forces Storage of Kerberos Credentials right after authentication via PAM
openssh-setcred.patch (text/plain), 2.67 KB, created by
Christian Pfaffel
on 2004-05-28 19:31:49 AEST
(
hide
)
Description:
Forces Storage of Kerberos Credentials right after authentication via PAM
Filename:
MIME Type:
Creator:
Christian Pfaffel
Created:
2004-05-28 19:31:49 AEST
Size:
2.67 KB
patch
obsolete
>--- openssh-3.8.1p1/auth-pam.c Sun Apr 18 03:00:26 2004 >+++ openssh-3.8.1p1/auth-pam.c Wed May 19 14:20:05 2004 >@@ -364,6 +364,8 @@ > goto auth_fail; > pam_password_change_required(0); > } >+ if (options.use_pam_setcred) >+ do_pam_setcred(1); > } > > buffer_put_cstring(&buffer, "OK"); >--- openssh-3.8.1p1/servconf.h Wed Dec 31 01:37:34 2003 >+++ openssh-3.8.1p1/servconf.h Wed May 19 14:11:16 2004 >@@ -125,6 +125,10 @@ > char *authorized_keys_file; /* File containing public keys */ > char *authorized_keys_file2; > int use_pam; /* Enable auth via PAM */ >+ int use_pam_setcred; /* >+ * Execute do_pam_setcred in the >+ * PAM authentication thread >+ */ > } ServerOptions; > > void initialize_server_options(ServerOptions *); >--- openssh-3.8.1p1/servconf.c Fri Jan 23 12:03:10 2004 >+++ openssh-3.8.1p1/servconf.c Wed May 19 14:09:02 2004 >@@ -41,6 +41,7 @@ > > /* Portable-specific options */ > options->use_pam = -1; >+ options->use_pam_setcred = -1; > > /* Standard Options */ > options->num_ports = 0; >@@ -113,6 +114,9 @@ > if (options->use_pam == -1) > options->use_pam = 0; > >+ if (options->use_pam_setcred == -1) >+ options->use_pam_setcred = 0; >+ > /* Standard Options */ > if (options->protocol == SSH_PROTO_UNKNOWN) > options->protocol = SSH_PROTO_1|SSH_PROTO_2; >@@ -248,6 +252,7 @@ > sBadOption, /* == unknown option */ > /* Portable-specific options */ > sUsePAM, >+ sUsePAMSetCred, > /* Standard Options */ > sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, > sPermitRootLogin, sLogFacility, sLogLevel, >@@ -279,8 +284,10 @@ > /* Portable-specific options */ > #ifdef USE_PAM > { "usepam", sUsePAM }, >+ { "usepamsetcred", sUsePAMSetCred }, > #else > { "usepam", sUnsupported }, >+ { "usepamsetcred", sUnsupported }, > #endif > { "pamauthenticationviakbdint", sDeprecated }, > /* Standard Options */ >@@ -447,6 +454,9 @@ > case sUsePAM: > intptr = &options->use_pam; > goto parse_flag; >+ case sUsePAMSetCred: >+ intptr = &options->use_pam_setcred; >+ goto parse_flag; > > /* Standard Options */ > case sBadOption: >--- openssh-3.8.1p1/sshd_config.5.~1~ Wed Apr 14 05:04:36 2004 >+++ openssh-3.8.1p1/sshd_config.5 Mon May 24 12:15:00 2004 >@@ -615,6 +615,14 @@ > .CM UsePAM > then you will not be able to run sshd as a non-root user. The default is > .Dq no . >+.It Cm UsePAMSetCred >+If PAM authentication (via challenge-response) is enabled using >+.Cm UsePAM >+you might want to enable this option to force storage of the >+credentials which are obtained in the authentication step. This is >+useful for situations where the password is validated through Kerberos >+via a PAM module. The default is >+.Dq no . > .It Cm UsePrivilegeSeparation > Specifies whether > .Nm sshd
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=642">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 688
:
434
| 642 |
643
|
1347