[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#474246: marked as done (openssh-server: sshd no longer handles GSSAPIStrictAcceptorCheck no)

Your message dated Sun, 06 Apr 2008 12:02:43 +0000
with message-id <E1JiTa7-0006q3-9l@ries.debian.org>
and subject line Bug#474246: fixed in openssh 1:4.7p1-8
has caused the Debian Bug report #474246,
regarding openssh-server: sshd no longer handles GSSAPIStrictAcceptorCheck no
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
474246: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474246
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-server
Version: 1:4.7p1-7
Severity: normal

Previoulsy in 4.6 (maybe earlier?), you could set
GSSAPIStrictAcceptorCheck to no, which would allow for authenticating
using any key in the keytab for the system, allowing you to log in to
a multi-homed address.  Looking through the diff, support for this is
missing, other then handling the option in the config file.

Setting the option to no has no effect.  Perhaps part of the patch got
dropped somehow?

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser               3.107              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.20             Debian configuration management sy
ii  dpkg                  1.14.16.6          package maintenance system for Deb
ii  libc6                 2.7-10             GNU C Library: Shared libraries
ii  libcomerr2            1.40.8-2           common error description library
ii  libkrb53              1.6.dfsg.3~beta1-4 MIT Kerberos runtime libraries
ii  libpam-modules        0.99.7.1-6         Pluggable Authentication Modules f
ii  libpam-runtime        0.99.7.1-6         Runtime support for the PAM librar
ii  libpam0g              0.99.7.1-6         Pluggable Authentication Modules l
ii  libselinux1           2.0.59-1           SELinux shared libraries
ii  libssl0.9.8           0.9.8g-8           SSL shared libraries
ii  libwrap0              7.6.dbs-14         Wietse Venema's TCP wrappers libra
ii  lsb-base              3.2-6              Linux Standard Base 3.2 init scrip
ii  openssh-client        1:4.7p1-7          secure shell client, an rlogin/rsh
ii  zlib1g                1:1.2.3.3.dfsg-11  compression library - runtime

Versions of packages openssh-server recommends:
ii  xauth                         1:1.0.3-1  X authentication utility

-- debconf information:
* ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/disable_cr_auth: false
* ssh/encrypted_host_key_but_no_keygen:

--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:4.7p1-8

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_4.7p1-8_i386.udeb
  to pool/main/o/openssh/openssh-client-udeb_4.7p1-8_i386.udeb
openssh-client_4.7p1-8_i386.deb
  to pool/main/o/openssh/openssh-client_4.7p1-8_i386.deb
openssh-server-udeb_4.7p1-8_i386.udeb
  to pool/main/o/openssh/openssh-server-udeb_4.7p1-8_i386.udeb
openssh-server_4.7p1-8_i386.deb
  to pool/main/o/openssh/openssh-server_4.7p1-8_i386.deb
openssh_4.7p1-8.diff.gz
  to pool/main/o/openssh/openssh_4.7p1-8.diff.gz
openssh_4.7p1-8.dsc
  to pool/main/o/openssh/openssh_4.7p1-8.dsc
ssh-askpass-gnome_4.7p1-8_i386.deb
  to pool/main/o/openssh/ssh-askpass-gnome_4.7p1-8_i386.deb
ssh-krb5_4.7p1-8_all.deb
  to pool/main/o/openssh/ssh-krb5_4.7p1-8_all.deb
ssh_4.7p1-8_all.deb
  to pool/main/o/openssh/ssh_4.7p1-8_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 474246@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 06 Apr 2008 12:34:19 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source all i386
Version: 1:4.7p1-8
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell server, an rshd replacement
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 474246
Changes: 
 openssh (1:4.7p1-8) unstable; urgency=high
 .
   * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-5.
   * Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from old
     configurations (LP: #211400).
   * Tweak scp's reporting of filenames in verbose mode to be a bit less
     confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945).
   * Backport from 4.9p1:
     - Ignore ~/.ssh/rc if a sshd_config ForceCommand is specified (see
       http://www.securityfocus.com/bid/28531/info).
     - Add no-user-rc authorized_keys option to disable execution of
       ~/.ssh/rc.
   * Backport from Simon Wilkinson's GSSAPI key exchange patch for 5.0p1:
     - Add code to actually implement GSSAPIStrictAcceptorCheck, which had
       somehow been omitted from a previous version of this patch (closes:
       #474246).
Files: 
 28d448774a113cbae43b1fef9386fb7d 1104 net standard openssh_4.7p1-8.dsc
 4c96453c04f37ab82cf9b16fed1c4453 189498 net standard openssh_4.7p1-8.diff.gz
 914222f26bbc485c7823188dff93b74a 1040 net extra ssh_4.7p1-8_all.deb
 d126da8bd93cba5e100ee708a6cd89b1 88270 net extra ssh-krb5_4.7p1-8_all.deb
 fd40f6003c1e0ab07a130e932365cafc 662660 net standard openssh-client_4.7p1-8_i386.deb
 55a89ce4fdd7f86ec8e0a063aba161bd 245844 net optional openssh-server_4.7p1-8_i386.deb
 ca289645384034a92e4a0d801cc92a0a 95740 gnome optional ssh-askpass-gnome_4.7p1-8_i386.deb
 4df8ed4b950ee2b6944ac90a19a0b60b 158564 debian-installer optional openssh-client-udeb_4.7p1-8_i386.udeb
 3a8a69d029f09d44934db6451b71e62b 169140 debian-installer optional openssh-server-udeb_4.7p1-8_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFH+LdX9t0zAhD6TNERAgsiAJ9T3dxJJjnjAavOwc7az/61QWYKjwCfQ24s
pBKGZI45Ku96VDyzvVhd4o0=
=FigL
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: