options->session_hooks_shutdown_cmd = NULL;
#endif
options->kerberos_get_afs_token = -1;
- options->gss_authentication=-1;
+ options->gss_authentication = -1;
+ options->gss_deleg_creds = -1;
options->gss_keyex = -1;
options->gss_cleanup_creds = -1;
options->gss_strict_acceptor = -1;
options->kerberos_get_afs_token = 0;
if (options->gss_authentication == -1)
options->gss_authentication = 1;
+ if (options->gss_deleg_creds == -1)
+ options->gss_deleg_creds = 1;
if (options->gss_keyex == -1)
options->gss_keyex = 1;
if (options->gss_cleanup_creds == -1)
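Review bot: The fallback `options->gss_deleg_creds = 1` makes storing delegated credentials the default whenever the configuration file is silent, so a host keeps forwarded GSSAPI credentials on disk or in memory unless an administrator opts out. If the value is chosen to match what the server did before this option existed, that reason belongs next to the assignment, e.g. `/* default on: keeps the behaviour from before the option existed */`. If there is no such compatibility constraint, `options->gss_deleg_creds = 0;` is the least-privilege default. The enclosing function starts and ends outside this hunk, and the code that reads the flag is not visible here.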
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds,
+ sGssDelegateCreds,
sGssStrictAcceptor,
sGssKeyEx,
sGssCredsPath,
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+ { "gssapidelegatecredentials", sGssDelegateCreds, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
{ "gssapicredentialspath", sGssCredsPath, SSHCFG_GLOBAL },
#endif
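Review bot: `gssapidelegatecredentials` is registered with `SSHCFG_ALL`, while the neighbouring credential options (`gssapicleanupcredentials`, `gssapicredentialspath`) are `SSHCFG_GLOBAL`, so this one can be overridden inside a Match block; the `sUnsupported` entry in the non-GSSAPI table uses the same flag. That agrees with the `M_CP_INTOPT(gss_deleg_creds);` line added further down, but it only takes effect if the code that stores the credentials reads the option after the Match rules have been applied. That consumer is not visible in this excerpt, so it is worth confirming. A short comment on the entry would record the requirement, e.g. `/* per-Match: read only after Match rules are applied */`.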
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
+ { "gssapidelegatecredentials", sUnsupported, SSHCFG_ALL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
{ "gssapicredentialspath", sUnsupported, SSHCFG_GLOBAL },
intptr = &options->gss_authentication;
goto parse_flag;
+ case sGssDelegateCreds:
+ intptr = &options->gss_deleg_creds;
+ goto parse_flag;
+
case sGssKeyEx:
intptr = &options->gss_keyex;
goto parse_flag;
{
M_CP_INTOPT(password_authentication);
M_CP_INTOPT(gss_authentication);
+ M_CP_INTOPT(gss_deleg_creds);
M_CP_INTOPT(rsa_authentication);
M_CP_INTOPT(pubkey_authentication);
M_CP_INTOPT(kerberos_authentication);
int kerberos_get_afs_token; /* If true, try to get AFS token if
* authenticated with Kerberos. */
int gss_authentication; /* If true, permit GSSAPI authentication */
+ int gss_deleg_creds; /* If true, store delegated GSSAPI credentials*/
int gss_keyex; /* If true, permit GSSAPI key exchange */
int gss_cleanup_creds; /* If true, destroy cred cache on logout */
int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */