Bug#401483: openssh-client: support -K option
Package: openssh-client
Version: 1:4.3p2-6
Severity: wishlist
Tags: patch
The attached patch adds support for the -K option, which enables GSSAPI
credential delegation even if it's normally disabled in the configuration.
It's the converse of -k (and more useful). This flag is already supported
by ssh-krb5.
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages openssh-client depends on:
ii adduser 3.99 Add and remove users and groups
ii debconf 1.5.8 Debian configuration management sy
ii dpkg 1.13.24 package maintenance system for Deb
ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1 common error description library
ii libedit2 2.9.cvs.20050518-2.2 BSD editline and history libraries
ii libkrb53 1.4.4-4su1 MIT Kerberos runtime libraries
ii libncurs 5.5-5 Shared libraries for terminal hand
ii libssl0. 0.9.8c-3 SSL shared libraries
ii passwd 1:4.0.18.1-5 change and administer password and
ii zlib1g 1:1.2.3-13 compression library - runtime
openssh-client recommends no packages.
-- no debconf information
diff -ru openssh-4.3p2.orig/ssh.1 openssh-4.3p2/ssh.1
--- openssh-4.3p2.orig/ssh.1 2006-12-03 11:28:54.000000000 -0800
+++ openssh-4.3p2/ssh.1 2006-12-03 11:31:16.000000000 -0800
@@ -43,7 +43,7 @@
.Nd OpenSSH SSH client (remote login program)
.Sh SYNOPSIS
.Nm ssh
-.Op Fl 1246AaCfgkMNnqsTtVvXxY
+.Op Fl 1246AaCfgKkMNnqsTtVvXxY
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Oo Fl D\ \&
@@ -314,6 +314,8 @@
.Fl i
options (and multiple identities specified in
configuration files).
+.It Fl K
+Enables forwarding (delegation) of GSSAPI credentials to the server.
.It Fl k
Disables forwarding (delegation) of GSSAPI credentials to the server.
.It Fl L Xo
diff -ru openssh-4.3p2.orig/ssh.c openssh-4.3p2/ssh.c
--- openssh-4.3p2.orig/ssh.c 2006-12-03 11:28:54.000000000 -0800
+++ openssh-4.3p2/ssh.c 2006-12-03 11:30:47.000000000 -0800
@@ -157,7 +157,7 @@
usage(void)
{
fprintf(stderr,
-"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
+"usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
@@ -244,7 +244,7 @@
again:
while ((opt = getopt(ac, av,
- "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
+ "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
switch (opt) {
case '1':
options.protocol = SSH_PROTO_1;
@@ -298,6 +298,9 @@
case 'k':
options.gss_deleg_creds = 0;
break;
+ case 'K':
+ options.gss_deleg_creds = 1;
+ break;
case 'i':
if (stat(optarg, &st) < 0) {
fprintf(stderr, "Warning: Identity file %s "
Reply to: