static int
krb5_init(void *context)
{
-@@ -157,7 +171,7 @@ auth_krb5_password(Authctxt *authctxt, c
+@@ -146,7 +160,7 @@ auth_krb5_password(Authctxt *authctxt, c
if (problem)
goto out;
/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
@@ -97,7 +98,7 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client
- krb5_get_err_text(krb_context, retval));
+ krb5_free_error_message(krb_context, errmsg);
return 0;
}
- if (krb5_kuserok(krb_context, princ, name)) {
+ options->use_kuserok = -1;
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
- options->zero_knowledge_password_authentication = -1;
+ options->authorized_keys_command = NULL;
@@ -291,6 +292,8 @@ fill_default_server_options(ServerOption
if (use_privsep == -1)
- use_privsep = 1;
+ use_privsep = PRIVSEP_NOSANDBOX;
+ if (options->use_kuserok == -1)
+ options->use_kuserok = 1;
M_CP_INTOPT(rekey_interval);
+ M_CP_INTOPT(use_kuserok);
- M_CP_STROPT(banner);
- if (preauth)
+ /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
+ #define M_CP_STROPT(n) do {\
@@ -1764,6 +1774,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
+.Cm KerberosUseKuserok ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
- .Cm PubkeyAuthentication ,
+ .Cm PasswordAuthentication ,
diff -up openssh-5.8p1/sshd_config.kuserok openssh-5.8p1/sshd_config
--- openssh-5.8p1/sshd_config.kuserok 2011-02-14 09:15:12.000000000 +0100
+++ openssh-5.8p1/sshd_config 2011-02-14 09:15:12.000000000 +0100
TLD / packages / openssh.git / commitdiff