Bugzilla – Attachment 2889 Details for
Bug 2637
GSSAPIStrictAcceptorCheck should default to 'yes'
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
GSSAPIStrictAcceptorCheck=yes by default
strictacceptor.patch.txt (text/plain), 1.14 KB, created by
Tomas Kuthan
on 2016-11-10 01:56:01 AEDT
(
hide
)
Description:
GSSAPIStrictAcceptorCheck=yes by default
Filename:
MIME Type:
Creator:
Tomas Kuthan
Created:
2016-11-10 01:56:01 AEDT
Size:
1.14 KB
patch
obsolete
>From 117c90d9e2bab100c260dfbf7356cdb54b42e1ff Mon Sep 17 00:00:00 2001 >From: Tomas Kuthan <tkuthan@gmail.com> >Date: Wed, 9 Nov 2016 15:19:06 +0100 >Subject: [PATCH] GSSAPIStrictAcceptorCheck should default to yes > >When GSSAPIStrictAcceptorCheck is not explicitely specified in sshd_config, >the default value should be yes. It is documented in sshd_config(5) this >way and it preserves original behavior. > >Also GSSAPIStrictAcceptorCheck=no interacts poorly with GSSAPIKeyExchange, >where it make the server willing to negotiate GSS-API key exchange, although >no keytab was provided. >--- > servconf.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/servconf.c b/servconf.c >index a18ebb5..36d4b5f 100644 >--- a/servconf.c >+++ b/servconf.c >@@ -269,7 +269,7 @@ fill_default_server_options(ServerOptions *options) > if (options->gss_cleanup_creds == -1) > options->gss_cleanup_creds = 1; > if (options->gss_strict_acceptor == -1) >- options->gss_strict_acceptor = 0; >+ options->gss_strict_acceptor = 1; > if (options->password_authentication == -1) > options->password_authentication = 1; > if (options->kbd_interactive_authentication == -1) >-- >2.7.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2889">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
dtucker
:
ok+
Actions:
View
|
Diff
Attachments on
bug 2637
: 2889