This patch adds support for the Darwin/Mac OS X CCAPI Kerberos credentials store - it's required in order to run an OpenSSH server with Kerberos support on this platform.
Created attachment 1197 [details] CCAPI support from Debian
Do the USE_CCAPI bits depend on the USE_SECURITY_SESSION_API bit or vice-versa? Also, did CCAPI stuff come from Darwin or Debian? If from Darwin, we will need to ensure that it is appropriately licensed.
The USE_CCAPI bits currently depend on USE_SECURITY_SESSION_API (that is, you can't use the CCAPI unless you're in a valid security session) License concerns are why I haven't yet suggested applying this patch. I originally got this code from Sam Hartman at MIT - it's part of the Debian OpenSSH patch that he maintained at the time. However, I'm not sure of the original origin of the code, especially given the work MIT have done with Apple on Kerberos in Mac OS X, and I need to check that with Sam. Historically, there are other patches for adding CCAPI support to OpenSSH that are definitely untainted. It's possible that we could start with one of those.
ping. Did you ever get to the bottom of the license/code provenance?
no response in ~9 years == no bug
Closing all resolved bug with release of openssh-8.2