*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.102 2002/03/18 17:50:31 provos Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.110 2002/05/15 21:56:38 markus Exp $");
-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB4)
+#include <krb.h>
+#endif
+#if defined(KRB5)
+#ifdef HEIMDAL
#include <krb.h>
+#else
+/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
+ * keytab */
+#define KEYFILE "/etc/krb5.keytab"
+#endif
#endif
#ifdef AFS
#include <kafs.h>
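Review bot: The fallback `#define KEYFILE "/etc/krb5.keytab"` in the non-Heimdal KRB5 branch is unguarded, so a build with both KRB4 and KRB5 defined would include `<krb.h>` first and then define the macro a second time, assuming that header supplies the Kerberos IV KEYFILE the comment refers to. Wrapping it as `#ifndef KEYFILE` / `#define KEYFILE "/etc/krb5.keytab"` / `#endif` avoids the redefinition. The only use of KEYFILE visible in this diff, the `access(KEYFILE, R_OK)` default, is removed further down, so it is worth checking whether the macro is still referenced at all. If it is, a hard-coded keytab path would presumably not follow a site's own Kerberos configuration, and the comment should say so.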
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
- options->unprivileged_user = -1;
- options->unprivileged_group = -1;
- options->unprivileged_dir = NULL;
-
/* Needs to be accessable in many places */
use_privsep = -1;
}
options->pubkey_authentication = 1;
#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1)
- options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
+ options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
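Review bot: The new `kerberos_authentication = 0` default is a silent behaviour change that deserves a comment: a host that previously had Kerberos authentication enabled only because the keytab was readable will stop offering it after an upgrade unless the option is set explicitly. Something like `/* Kerberos auth is opt-in; no longer auto-enabled when a keytab is readable */` above the assignment would record the intent. The same applies to the `afs_token_passing = 0` default in the AFS hunk that follows, which replaces the `k_hasafs()` probe. Opt-in is the safer default, since an authentication method is no longer switched on by the presence of a file, but operators need to know to enable it. The enclosing function starts and ends outside these hunks.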
#endif
#ifdef AFS
if (options->afs_token_passing == -1)
- options->afs_token_passing = k_hasafs();
+ options->afs_token_passing = 0;
#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
- /* Turn privilege separation _off_ by default */
+ /* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = 0;
- if (options->unprivileged_user == -1)
- options->unprivileged_user = 32767;
- if (options->unprivileged_group == -1)
- options->unprivileged_group = 32767;
- if (options->unprivileged_dir == NULL)
- options->unprivileged_dir = "/var/empty";
+ use_privsep = 1;
}
/* Keyword tokens. */
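Review bot: With `use_privsep = 1` as the default and the `unprivileged_user`, `unprivileged_group` and `unprivileged_dir` defaults deleted, nothing in this hunk says which account and directory the unprivileged child now runs with. They are presumably fixed elsewhere at build time, which is not visible here; a comment such as `/* unprivileged user and chroot dir are no longer configurable; see <where they are defined> */` next to the default would help. Because privilege separation now applies to every installation that does not set the option, it is also worth confirming that a missing account or directory makes startup fail with a clear error rather than continue without separation. The function body begins outside the hunk.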
sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
- sUsePrivilegeSeparation, sUnprivUser, sUnprivGroup, sUnprivDir,
+ sUsePrivilegeSeparation,
sDeprecated
} ServerOpCodes;
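Review bot: Dropping `sUnprivUser`, `sUnprivGroup` and `sUnprivDir` outright means the keywords removed from the table in the next hunk no longer resolve, so an existing configuration file that still sets `unprivuser`, `unprivgroup` or `unprivdir` would presumably land on the `{ NULL, sBadOption }` entry. The enum already carries `sDeprecated`; keeping the three names mapped to it, e.g. `{ "unprivuser", sDeprecated },` `{ "unprivgroup", sDeprecated },` `{ "unprivdir", sDeprecated },`, would let an upgraded daemon read an old file. How `sBadOption` and `sDeprecated` are handled lies outside the visible lines, so this should be checked against the parser before deciding.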
{ "authorizedkeysfile", sAuthorizedKeysFile },
{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
{ "useprivilegeseparation", sUsePrivilegeSeparation},
- { "unprivuser", sUnprivUser},
- { "unprivgroup", sUnprivGroup},
- { "unprivdir", sUnprivDir},
{ NULL, sBadOption }
};
intptr = &use_privsep;
goto parse_flag;
- case sUnprivUser:
- intptr = &options->unprivileged_user;
- goto parse_flag;
-
- case sUnprivGroup:
- intptr = &options->unprivileged_group;
- goto parse_flag;
-
- case sUnprivDir:
- charptr = &options->unprivileged_dir;
- goto parse_filename;
-
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)