[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#474246: openssh-server: sshd no longer handles GSSAPIStrictAcceptorCheck no

On Fri, Apr 04, 2008 at 11:19:19AM -0300, Andrew Phillips wrote:
> Package: openssh-server
> Version: 1:4.7p1-7
> Severity: normal
> 
> Previoulsy in 4.6 (maybe earlier?), you could set
> GSSAPIStrictAcceptorCheck to no, which would allow for authenticating
> using any key in the keytab for the system, allowing you to log in to
> a multi-homed address.  Looking through the diff, support for this is
> missing, other then handling the option in the config file.
> 
> Setting the option to no has no effect.  Perhaps part of the patch got
> dropped somehow?

Seems to have been fixed just today in the updated patch for 5.0p1:

20080404
  - [ gss-serv.c ]
    Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow
    been omitted from a previous version of this patch. Reported by Borislav
    Stoichkov

I might backport this, depending on when I get round to packaging 5.0p1.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to: