[servconf.c sshd.8 sshd_config]
     do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
This commit is contained in:
Damien Miller 2002-04-23 21:04:51 +10:00
parent 635fe98a7f
commit d7de14b6ad
4 changed files with 10 additions and 8 deletions

View File

@ -21,6 +21,9 @@
- markus@cvs.openbsd.org 2002/04/22 06:15:47 - markus@cvs.openbsd.org 2002/04/22 06:15:47
[radix.c] [radix.c]
fix check for overflow fix check for overflow
- markus@cvs.openbsd.org 2002/04/22 16:16:53
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
20020421 20020421
- (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0). - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
@ -8287,4 +8290,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.2068 2002/04/23 11:00:33 djm Exp $ $Id: ChangeLog,v 1.2069 2002/04/23 11:04:51 djm Exp $

View File

@ -10,7 +10,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.106 2002/04/20 09:02:03 deraadt Exp $"); RCSID("$OpenBSD: servconf.c,v 1.107 2002/04/22 16:16:53 markus Exp $");
#if defined(KRB4) #if defined(KRB4)
#include <krb.h> #include <krb.h>
@ -200,7 +200,7 @@ fill_default_server_options(ServerOptions *options)
options->pubkey_authentication = 1; options->pubkey_authentication = 1;
#if defined(KRB4) || defined(KRB5) #if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1) if (options->kerberos_authentication == -1)
options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1) if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1; options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1) if (options->kerberos_ticket_cleanup == -1)

4
sshd.8
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd.8,v 1.177 2002/04/21 16:19:27 stevesk Exp $ .\" $OpenBSD: sshd.8,v 1.178 2002/04/22 16:16:53 markus Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSHD 8 .Dt SSHD 8
.Os .Os
@ -571,7 +571,7 @@ the Kerberos KDC.
To use this option, the server needs a To use this option, the server needs a
Kerberos servtab which allows the verification of the KDC's identity. Kerberos servtab which allows the verification of the KDC's identity.
Default is Default is
.Dq yes . .Dq no .
.It Cm KerberosOrLocalPasswd .It Cm KerberosOrLocalPasswd
If set then if password authentication through Kerberos fails then If set then if password authentication through Kerberos fails then
the password will be validated via any additional local mechanism the password will be validated via any additional local mechanism

View File

@ -1,4 +1,4 @@
# $OpenBSD: sshd_config,v 1.50 2002/04/21 16:19:27 stevesk Exp $ # $OpenBSD: sshd_config,v 1.51 2002/04/22 16:16:53 markus Exp $
# This is the sshd server system-wide configuration file. See sshd(8) # This is the sshd server system-wide configuration file. See sshd(8)
# for more information. # for more information.
@ -60,8 +60,7 @@
#ChallengeResponseAuthentication yes #ChallengeResponseAuthentication yes
# Kerberos options # Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists #KerberosAuthentication no
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes #KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes #KerberosTicketCleanup yes