| Summary: | privsep break KRB4 auth, KRB4 TGT forwarding and AFS token forwarding |
|---|---|
| Product: | Portable OpenSSH |
| Reporter: | Jan Iven <jan.iven> |
| Component: | sshd |
| Assignee: | OpenSSH Bugzilla mailing list <openssh-bugs> |
| Status: | CLOSED FIXED |
| Severity: | normal |
| Priority: | P2 |
| Version: | -current |
| Hardware: | All |
| OS: | All |
Description
Jan Iven
2002-06-30 09:17:43 AEST
Created attachment 125
KRB4/KRB5/AFS with privsep

Created attachment 128
KRB4/5 auth with privsep

(neither TGT forwarding nor AFS tokens needs privsep), reduced to just KRB4/5 auth. I suspect that KerberosPassword will be slightly broken since the ticket file name does not go back to the session environment. To be confirmed, I am using PAM now.

Created attachment 130
(fixing a "xfree" of an uninitialized buffer, in case KRB4 auth fails)

KRB4 and AFS support has been dropped, and the KRB5 support has been overhauled. Should this bug be closed?

Yes, this appears to be fixed (at least for Kerberos5). Since you have dropped support for Kerberos4/AFS, I guess we will have to maintain the rest of it ourselves, so it is no longer relevant to bugzilla. Still, nice to see the GSSAPI stuff going in.

Yes, if I have time I will prepare a Krb4 patch around the time of the release. An interested party is welcome to maintain this as a 3rd party patch.

Mass change of RESOLVED bugs to CLOSED