- djm@cvs.openbsd.org 2007/06/12 11:15:17

[ssh.c ssh.1]
     Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
     GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
     and is useful for hosts with /home on Kerberised NFS; bz #1312
     patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@

ChangeLog

@@ -23,6 +23,12 @@
      fix slave exit value when a control master goes away without passing the
      full exit status by ensuring that the slave reads a full int. bz#1261
      reported by frekko AT gmail.com; ok markus@ dtucker@
+   - djm@cvs.openbsd.org 2007/06/12 11:15:17
+     [ssh.c ssh.1]
+     Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
+     GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
+     and is useful for hosts with /home on Kerberised NFS; bz #1312
+     patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
 
 20070611
  - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
@@ -3037,4 +3043,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4693 2007/06/12 13:41:33 dtucker Exp $
+$Id: ChangeLog,v 1.4694 2007/06/12 13:43:16 dtucker Exp $

ssh.1

@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.268 2007/06/07 19:37:34 pvalchev Exp $
+.\" $OpenBSD: ssh.1,v 1.269 2007/06/12 11:15:17 djm Exp $
-.Dd $Mdocdate: June 7 2007 $
+.Dd $Mdocdate: June 11 2007 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -315,6 +315,9 @@ It is possible to have multiple
 .Fl i
 options (and multiple identities specified in
 configuration files).
+.It Fl K
+Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
+credentials to the server.
 .It Fl k
 Disables forwarding (delegation) of GSSAPI credentials to the server.
 .It Fl L Xo

ssh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.296 2007/06/12 11:11:08 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.297 2007/06/12 11:15:17 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -185,7 +185,7 @@ static void
 usage(void)
 {
 	fprintf(stderr,
-"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
+"usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
 "           [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
 "           [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
 "           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
@@ -272,7 +272,7 @@ main(int ac, char **av)
 
  again:
 	while ((opt = getopt(ac, av,
-	    "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
+	    "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
 		switch (opt) {
 		case '1':
 			options.protocol = SSH_PROTO_1;
@@ -326,6 +326,10 @@ main(int ac, char **av)
 		case 'k':
 			options.gss_deleg_creds = 0;
 			break;
+		case 'K':
+			options.gss_authentication = 1;
+			options.gss_deleg_creds = 1;
+			break;
 		case 'i':
 			if (stat(optarg, &st) < 0) {
 				fprintf(stderr, "Warning: Identity file %s "