From 1a0c0b96219b037865d624079a81ab7d88bbccc1 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 2 Sep 2003 22:51:17 +1000
Subject:    - markus@cvs.openbsd.org 2003/08/28 12:54:34      [auth-krb5.c
 auth.h auth1.c monitor.c monitor.h monitor_wrap.c]      [monitor_wrap.h
 readconf.c servconf.c session.c ssh_config.5]      [sshconnect1.c sshd.c
 sshd_config sshd_config.5]      remove kerberos support from ssh1, since it
 has been replaced with GSSAPI;      but keep kerberos passwd auth for ssh1
 and 2; ok djm, hin, henning, ...

---
 auth1.c | 57 +--------------------------------------------------------
 1 file changed, 1 insertion(+), 56 deletions(-)

(limited to 'auth1.c')

diff --git a/auth1.c b/auth1.c
index d8b5836b..5b1922a1 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.52 2003/08/28 12:54:34 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -49,10 +49,6 @@ get_authname(int type)
 	case SSH_CMSG_AUTH_TIS:
 	case SSH_CMSG_AUTH_TIS_RESPONSE:
 		return "challenge-response";
-#ifdef KRB5
-	case SSH_CMSG_AUTH_KERBEROS:
-		return "kerberos";
-#endif
 	}
 	snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
 	return buf;
@@ -119,47 +115,6 @@ do_authloop(Authctxt *authctxt)
 
 		/* Process the packet. */
 		switch (type) {
-
-#ifdef KRB5
-		case SSH_CMSG_AUTH_KERBEROS:
-			if (!options.kerberos_authentication) {
-				verbose("Kerberos authentication disabled.");
-			} else {
-				char *kdata = packet_get_string(&dlen);
-				packet_check_eom();
-
-				if (kdata[0] != 4) { /* KRB_PROT_VERSION */
-					krb5_data tkt, reply;
-					tkt.length = dlen;
-					tkt.data = kdata;
-
-					if (PRIVSEP(auth_krb5(authctxt, &tkt,
-					    &client_user, &reply))) {
-						authenticated = 1;
-						snprintf(info, sizeof(info),
-						    " tktuser %.100s",
-						    client_user);
-
- 						/* Send response to client */
- 						packet_start(
-						    SSH_SMSG_AUTH_KERBEROS_RESPONSE);
- 						packet_put_string((char *)
-						    reply.data, reply.length);
- 						packet_send();
- 						packet_write_wait();
-
- 						if (reply.length)
- 							xfree(reply.data);
-					}
-				}
-				xfree(kdata);
-			}
-			break;
-		case SSH_CMSG_HAVE_KERBEROS_TGT:
-			packet_send_debug("Kerberos TGT passing disabled before authentication.");
-			break;
-#endif
-
 		case SSH_CMSG_AUTH_RHOSTS_RSA:
 			if (!options.rhosts_rsa_authentication) {
 				verbose("Rhosts with RSA authentication disabled.");
@@ -337,16 +292,6 @@ do_authentication(void)
 	if ((style = strchr(user, ':')) != NULL)
 		*style++ = '\0';
 
-#ifdef KRB5
-	/* XXX - SSH.com Kerberos v5 braindeath. */
-	if ((datafellows & SSH_BUG_K5USER) &&
-	    options.kerberos_authentication) {
-		char *p;
-		if ((p = strchr(user, '@')) != NULL)
-			*p = '\0';
-	}
-#endif
-
 	authctxt = authctxt_new();
 	authctxt->user = user;
 	authctxt->style = style;
-- 
cgit v1.2.3