[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#474246: openssh-server: sshd no longer handles GSSAPIStrictAcceptorCheck no

Package: openssh-server
Version: 1:4.7p1-7
Severity: normal

Previoulsy in 4.6 (maybe earlier?), you could set
GSSAPIStrictAcceptorCheck to no, which would allow for authenticating
using any key in the keytab for the system, allowing you to log in to
a multi-homed address.  Looking through the diff, support for this is
missing, other then handling the option in the config file.

Setting the option to no has no effect.  Perhaps part of the patch got
dropped somehow?

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser               3.107              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.20             Debian configuration management sy
ii  dpkg                  package maintenance system for Deb
ii  libc6                 2.7-10             GNU C Library: Shared libraries
ii  libcomerr2            1.40.8-2           common error description library
ii  libkrb53              1.6.dfsg.3~beta1-4 MIT Kerberos runtime libraries
ii  libpam-modules         Pluggable Authentication Modules f
ii  libpam-runtime         Runtime support for the PAM librar
ii  libpam0g             Pluggable Authentication Modules l
ii  libselinux1           2.0.59-1           SELinux shared libraries
ii  libssl0.9.8           0.9.8g-8           SSL shared libraries
ii  libwrap0              7.6.dbs-14         Wietse Venema's TCP wrappers libra
ii  lsb-base              3.2-6              Linux Standard Base 3.2 init scrip
ii  openssh-client        1:4.7p1-7          secure shell client, an rlogin/rsh
ii  zlib1g                1:  compression library - runtime

Versions of packages openssh-server recommends:
ii  xauth                         1:1.0.3-1  X authentication utility

-- debconf information:
* ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/disable_cr_auth: false
* ssh/encrypted_host_key_but_no_keygen:

Reply to: