Bug#407766: ssh-krb5: GSSAPI sshd_config logic still not quite right
Package: ssh-krb5
Version: 1:4.3p2-8
Severity: important
Tags: patch
The logic to enable GSSAPI when ssh-krb5 is installed still isn't quite
right. The sshd_config shipped with openssh-server not only has the
GSSAPI options commented out, it has GSSAPIAuthentication set to no.
When ssh-krb5 is installed, it should be set to yes.
Here's a patch.
Could a version with this fix and the fix in #404863 please be uploaded?
I really want to get these fixes into etch so that we have a smooth
transition. Let me know if I can help (via NMU for instance).
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
--- openssh-4.3p2/debian/ssh-krb5.postinst.orig 2007-01-19 17:59:29.000000000 -0800
+++ openssh-4.3p2/debian/ssh-krb5.postinst 2007-01-20 19:08:20.000000000 -0800
@@ -19,7 +19,7 @@
:
else
if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
- perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b/$1/i' \
+ perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \
< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
chown --reference /etc/ssh/sshd_config \
/etc/ssh/sshd_config.dpkg-new
Reply to: