diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2007-06-12 23:43:16 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2007-06-12 23:43:16 +1000 |
| commit | 415bddc1bdd2d0be418ab82520512d77643c05b0 (patch) | |
| tree | e5fc5dc49cc7950b2eb26573430fa7d1722f8f0c | |
| parent | 2cbec749d76e73be167bc600ba4c5886b607eab2 (diff) | |
- djm@cvs.openbsd.org 2007/06/12 11:15:17
[ssh.c ssh.1]
Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
and is useful for hosts with /home on Kerberised NFS; bz #1312
patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | ssh.1 | 7 | ||||
| -rw-r--r-- | ssh.c | 10 |
3 files changed, 19 insertions, 6 deletions
@@ -23,6 +23,12 @@ fix slave exit value when a control master goes away without passing the full exit status by ensuring that the slave reads a full int. bz#1261 reported by frekko AT gmail.com; ok markus@ dtucker@ + - djm@cvs.openbsd.org 2007/06/12 11:15:17 + [ssh.c ssh.1] + Add "-K" flag for ssh to set GSSAPIAuthentication=yes and + GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI) + and is useful for hosts with /home on Kerberised NFS; bz #1312 + patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@ 20070611 - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit @@ -3037,4 +3043,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4693 2007/06/12 13:41:33 dtucker Exp $ +$Id: ChangeLog,v 1.4694 2007/06/12 13:43:16 dtucker Exp $ @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.268 2007/06/07 19:37:34 pvalchev Exp $ -.Dd $Mdocdate: June 7 2007 $ +.\" $OpenBSD: ssh.1,v 1.269 2007/06/12 11:15:17 djm Exp $ +.Dd $Mdocdate: June 11 2007 $ .Dt SSH 1 .Os .Sh NAME @@ -315,6 +315,9 @@ It is possible to have multiple .Fl i options (and multiple identities specified in configuration files). +.It Fl K +Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI +credentials to the server. .It Fl k Disables forwarding (delegation) of GSSAPI credentials to the server. .It Fl L Xo @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.296 2007/06/12 11:11:08 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.297 2007/06/12 11:15:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -185,7 +185,7 @@ static void usage(void) { fprintf(stderr, -"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" +"usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" " [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" @@ -272,7 +272,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -326,6 +326,10 @@ main(int ac, char **av) case 'k': options.gss_deleg_creds = 0; break; + case 'K': + options.gss_authentication = 1; + options.gss_deleg_creds = 1; + break; case 'i': if (stat(optarg, &st) < 0) { fprintf(stderr, "Warning: Identity file %s " |