[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#401483: openssh-client: support -K option

Package: openssh-client
Version: 1:4.3p2-6
Severity: wishlist
Tags: patch

The attached patch adds support for the -K option, which enables GSSAPI
credential delegation even if it's normally disabled in the configuration.
It's the converse of -k (and more useful).  This flag is already supported
by ssh-krb5.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages openssh-client depends on:
ii  adduser  3.99                            Add and remove users and groups
ii  debconf  1.5.8                           Debian configuration management sy
ii  dpkg     1.13.24                         package maintenance system for Deb
ii  libc6    2.3.6.ds1-8                     GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1 common error description library
ii  libedit2 2.9.cvs.20050518-2.2            BSD editline and history libraries
ii  libkrb53 1.4.4-4su1                      MIT Kerberos runtime libraries
ii  libncurs 5.5-5                           Shared libraries for terminal hand
ii  libssl0. 0.9.8c-3                        SSL shared libraries
ii  passwd   1:4.0.18.1-5                    change and administer password and
ii  zlib1g   1:1.2.3-13                      compression library - runtime

openssh-client recommends no packages.

-- no debconf information

diff -ru openssh-4.3p2.orig/ssh.1 openssh-4.3p2/ssh.1
--- openssh-4.3p2.orig/ssh.1	2006-12-03 11:28:54.000000000 -0800
+++ openssh-4.3p2/ssh.1	2006-12-03 11:31:16.000000000 -0800
@@ -43,7 +43,7 @@
 .Nd OpenSSH SSH client (remote login program)
 .Sh SYNOPSIS
 .Nm ssh
-.Op Fl 1246AaCfgkMNnqsTtVvXxY
+.Op Fl 1246AaCfgKkMNnqsTtVvXxY
 .Op Fl b Ar bind_address
 .Op Fl c Ar cipher_spec
 .Oo Fl D\ \&
@@ -314,6 +314,8 @@
 .Fl i
 options (and multiple identities specified in
 configuration files).
+.It Fl K
+Enables forwarding (delegation) of GSSAPI credentials to the server.
 .It Fl k
 Disables forwarding (delegation) of GSSAPI credentials to the server.
 .It Fl L Xo
diff -ru openssh-4.3p2.orig/ssh.c openssh-4.3p2/ssh.c
--- openssh-4.3p2.orig/ssh.c	2006-12-03 11:28:54.000000000 -0800
+++ openssh-4.3p2/ssh.c	2006-12-03 11:30:47.000000000 -0800
@@ -157,7 +157,7 @@
 usage(void)
 {
 	fprintf(stderr,
-"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
+"usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
 "           [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
 "           [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
 "           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
@@ -244,7 +244,7 @@
 
 again:
 	while ((opt = getopt(ac, av,
-	    "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
+	    "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
 		switch (opt) {
 		case '1':
 			options.protocol = SSH_PROTO_1;
@@ -298,6 +298,9 @@
 		case 'k':
 			options.gss_deleg_creds = 0;
 			break;
+		case 'K':
+			options.gss_deleg_creds = 1;
+			break;
 		case 'i':
 			if (stat(optarg, &st) < 0) {
 				fprintf(stderr, "Warning: Identity file %s "
Reply to: