Bug 1245

Summary: Add support for Darwin CCAPI
Product: Portable OpenSSH
Reporter: Simon Wilkinson <simon>
Component: Kerberos support
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX
Severity: normal
CC: djm
Priority: P2
Version: -current
Hardware: Other
OS: All
Attachments:
Description: CCAPI support from Debian
Flags: none

Description Simon Wilkinson 2006-10-03 06:02:58 AEST
This patch adds support for the Darwin/Mac OS X CCAPI Kerberos credentials store - it's required in order to run an OpenSSH server with Kerberos support on this platform.
Comment 1 Simon Wilkinson 2006-10-03 06:16:06 AEST
Created attachment 1197
CCAPI support from Debian
Comment 2 Damien Miller 2007-06-22 15:34:00 AEST
Do the USE_CCAPI bits depend on the USE_SECURITY_SESSION_API bit or vice-versa?

Also, did CCAPI stuff come from Darwin or Debian? If from Darwin, we will need to ensure that it is appropriately licensed.
Comment 3 Simon Wilkinson 2007-06-22 17:56:16 AEST
The USE_CCAPI bits currently depend on USE_SECURITY_SESSION_API (that is, you can't use the CCAPI unless you're in a valid security session).

License concerns are why I haven't yet suggested applying this patch.

I originally got this code from Sam Hartman at MIT - it's part of the Debian OpenSSH patch that he maintained at the time. However, I'm not sure of the original origin of the code, especially given the work MIT have done with Apple on Kerberos in Mac OS X, and I need to check that with Sam.

Historically, there are other patches for adding CCAPI support to OpenSSH that are definitely untainted. It's possible that we could start with one of those.
Comment 4 Damien Miller 2011-05-23 17:39:28 AEST
ping. Did you ever get to the bottom of the license/code provenance?
Comment 5 Damien Miller 2020-01-26 00:21:32 AEDT
no response in ~9 years == no bug
Comment 6 Damien Miller 2020-02-14 15:59:18 AEDT
Closing all resolved bugs with release of openssh-8.2