The client should forward the krb5 ticket to the server only if krb5 authentication was done. Otherwise the krb5 session keys are not set properly and creating the credentials to delegate fails. Likewise, the server should accept delegation of a krb5 ticket only if the client has authenticated by means of krb5. Current code coredumps (both client and server) without this patch.
Created attachment 185: Don't delegate/accept delegated ticket if krb5 authentication hasn't been done
*** Bug 455 has been marked as a duplicate of this bug. ***
krb5 has been replaced by gssapi-with-mic, is this still relevant?
The patch fixes the ticket handling in auth-krb5.c (implementing the server part of krb5 support in ssh v.1) and in sshconnect1.c (client part for krb5 in ssh1). If you removed the auth-krb5.c file from the current release and the krb5 part from sshconnect1.c, the patch is certainly not needed any more. It has nothing in common with the new GSS stuff.
Simon Wilkinson advises that the code referred to here has been removed and it is not applicable to the new gssapi code.
Mass change of RESOLVED bugs to CLOSED