--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ssh-krb5: GSSAPI sshd_config logic still not quite right
- From: Russ Allbery <rra@debian.org>
- Date: Sat, 20 Jan 2007 19:12:44 -0800
- Message-id: <20070121031244.23362.21344.reportbug@windlord.stanford.edu>
Package: ssh-krb5
Version: 1:4.3p2-8
Severity: important
Tags: patch
The logic to enable GSSAPI when ssh-krb5 is installed still isn't quite
right. The sshd_config shipped with openssh-server not only has the
GSSAPI options commented out, it has GSSAPIAuthentication set to no.
When ssh-krb5 is installed, it should be set to yes.
Here's a patch.
Could a version with this fix and the fix in #404863 please be uploaded?
I really want to get these fixes into etch so that we have a smooth
transition. Let me know if I can help (via NMU for instance).
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
--- openssh-4.3p2/debian/ssh-krb5.postinst.orig 2007-01-19 17:59:29.000000000 -0800
+++ openssh-4.3p2/debian/ssh-krb5.postinst 2007-01-20 19:08:20.000000000 -0800
@@ -19,7 +19,7 @@
:
else
if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
- perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b/$1/i' \
+ perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \
< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
chown --reference /etc/ssh/sshd_config \
/etc/ssh/sshd_config.dpkg-new
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:4.3p2-9
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-client-udeb_4.3p2-9_powerpc.udeb
to pool/main/o/openssh/openssh-client-udeb_4.3p2-9_powerpc.udeb
openssh-client_4.3p2-9_powerpc.deb
to pool/main/o/openssh/openssh-client_4.3p2-9_powerpc.deb
openssh-server-udeb_4.3p2-9_powerpc.udeb
to pool/main/o/openssh/openssh-server-udeb_4.3p2-9_powerpc.udeb
openssh-server_4.3p2-9_powerpc.deb
to pool/main/o/openssh/openssh-server_4.3p2-9_powerpc.deb
openssh_4.3p2-9.diff.gz
to pool/main/o/openssh/openssh_4.3p2-9.diff.gz
openssh_4.3p2-9.dsc
to pool/main/o/openssh/openssh_4.3p2-9.dsc
ssh-askpass-gnome_4.3p2-9_powerpc.deb
to pool/main/o/openssh/ssh-askpass-gnome_4.3p2-9_powerpc.deb
ssh-krb5_4.3p2-9_all.deb
to pool/main/o/openssh/ssh-krb5_4.3p2-9_all.deb
ssh_4.3p2-9_all.deb
to pool/main/o/openssh/ssh_4.3p2-9_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 407766@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 5 Mar 2007 16:13:50 +0000
Source: openssh
Binary: ssh-askpass-gnome ssh-krb5 openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source powerpc all
Version: 1:4.3p2-9
Distribution: unstable
Urgency: high
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - Secure shell client, an rlogin/rsh/rcp replacement
openssh-client-udeb - Secure shell client for the Debian installer (udeb)
openssh-server - Secure shell server, an rshd replacement
openssh-server-udeb - Secure shell server for the Debian installer (udeb)
ssh - Secure shell client and server (transitional package)
ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
ssh-krb5 - Secure shell client and server (transitional package)
Closes: 404863 407766 412330
Changes:
openssh (1:4.3p2-9) unstable; urgency=high
.
[ Russ Allbery ]
* Fix GSSAPIKeyExchange configuration file handling logic in ssh-krb5
(closes: #404863).
* Fix uncommenting of GSSAPI options by ssh-krb5 (closes: #407766).
.
[ Colin Watson ]
* debconf template translations:
- Add Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #412330).
Files:
d7615f49e4f55d79c6b1ba3bbdee8a79 1000 net standard openssh_4.3p2-9.dsc
d4255feb7a987059b1ec43483a3b3bd2 259760 net standard openssh_4.3p2-9.diff.gz
3813ca3973d4b5101de98acbb951c32f 1054 net extra ssh_4.3p2-9_all.deb
37221ae6edec410f61923a4584744973 91464 net extra ssh-krb5_4.3p2-9_all.deb
b80c9ed4ccfc37ca7c74d967c91830e0 651760 net standard openssh-client_4.3p2-9_powerpc.deb
b9286d4f557d84b18e43d5cdddc6123e 234426 net optional openssh-server_4.3p2-9_powerpc.deb
cd88ec5af1d667d1b77c4eaa5b8cca5f 100602 gnome optional ssh-askpass-gnome_4.3p2-9_powerpc.deb
9cc95b5eff7028141d62c901d317095b 166786 debian-installer optional openssh-client-udeb_4.3p2-9_powerpc.udeb
b60818d59b459ac0dad988d8699007e7 169936 debian-installer optional openssh-server-udeb_4.3p2-9_powerpc.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFF7EUP9t0zAhD6TNERAnNuAJ9DL2GJM0vFYeScnoTPQlbPsfmKWwCeLguu
gTdM9U7Y3I3bRT0R1/Zoyf8=
=BKll
-----END PGP SIGNATURE-----
--- End Message ---