*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.114 2002/08/21 19:38:06 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.119 2003/05/15 01:48:10 jakob Exp $");
#if defined(KRB4)
#include <krb.h>
#endif
+
#if defined(KRB5)
-#ifdef HEIMDAL
-#include <krb.h>
-#else
-/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
- * keytab */
-#define KEYFILE "/etc/krb5.keytab"
-#endif
+# ifdef HEIMDAL
+# include <krb.h>
+# else
+/*
+ * XXX: Bodge - but then, so is using the kerberos IV KEYFILE to get a
+ * Kerberos V keytab
+ */
+# define KEYFILE "/etc/krb5.keytab"
+# endif
#endif
+
#ifdef AFS
#include <kafs.h>
#endif
memset(options, 0, sizeof(*options));
/* Portable-specific options */
- options->pam_authentication_via_kbd_int = -1;
+ options->use_pam = -1;
/* Standard Options */
options->num_ports = 0;
options->hostbased_uses_name_from_packet_only = -1;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = -1;
options->kerberos_or_local_passwd = -1;
options->kerberos_ticket_cleanup = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
options->afs_token_passing = -1;
-#endif
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
fill_default_server_options(ServerOptions *options)
{
/* Portable-specific options */
- if (options->pam_authentication_via_kbd_int == -1)
- options->pam_authentication_via_kbd_int = 0;
+ if (options->use_pam == -1)
+ options->use_pam = 0;
/* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
if (options->server_key_bits == -1)
options->server_key_bits = 768;
if (options->login_grace_time == -1)
- options->login_grace_time = 60;
+ options->login_grace_time = 120;
if (options->key_regeneration_time == -1)
options->key_regeneration_time = 3600;
if (options->permit_root_login == PERMIT_NOT_SET)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1)
options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
options->kerberos_ticket_cleanup = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 0;
-#endif
-#ifdef AFS
if (options->afs_token_passing == -1)
options->afs_token_passing = 0;
-#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
typedef enum {
sBadOption, /* == unknown option */
/* Portable-specific options */
- sPAMAuthenticationViaKbdInt,
+ sUsePAM,
/* Standard Options */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
-#if defined(KRB4) || defined(KRB5)
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
-#endif
-#if defined(AFS) || defined(KRB5)
- sKerberosTgtPassing,
-#endif
-#ifdef AFS
- sAFSTokenPassing,
-#endif
- sChallengeResponseAuthentication,
+ sKerberosTgtPassing, sAFSTokenPassing, sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
ServerOpCodes opcode;
} keywords[] = {
/* Portable-specific options */
- { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
+ { "UsePAM", sUsePAM },
/* Standard Options */
{ "port", sPort },
{ "hostkey", sHostKeyFile },
{ "rsaauthentication", sRSAAuthentication },
{ "pubkeyauthentication", sPubkeyAuthentication },
{ "dsaauthentication", sPubkeyAuthentication }, /* alias */
-#if defined(KRB4) || defined(KRB5)
{ "kerberosauthentication", sKerberosAuthentication },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
{ "kerberosticketcleanup", sKerberosTicketCleanup },
-#endif
-#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", sKerberosTgtPassing },
-#endif
-#ifdef AFS
{ "afstokenpassing", sAFSTokenPassing },
-#endif
{ "passwordauthentication", sPasswordAuthentication },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
{ "challengeresponseauthentication", sChallengeResponseAuthentication },
opcode = parse_token(arg, filename, linenum);
switch (opcode) {
/* Portable-specific options */
- case sPAMAuthenticationViaKbdInt:
- intptr = &options->pam_authentication_via_kbd_int;
+ case sUsePAM:
+ intptr = &options->use_pam;
goto parse_flag;
/* Standard Options */
case sPubkeyAuthentication:
intptr = &options->pubkey_authentication;
goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
+
case sKerberosAuthentication:
intptr = &options->kerberos_authentication;
goto parse_flag;
case sKerberosTicketCleanup:
intptr = &options->kerberos_ticket_cleanup;
goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
+
case sKerberosTgtPassing:
intptr = &options->kerberos_tgt_passing;
goto parse_flag;
-#endif
-#ifdef AFS
+
case sAFSTokenPassing:
intptr = &options->afs_token_passing;
goto parse_flag;
-#endif
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_int;
case sDeprecated:
- log("%s line %d: Deprecated option %s",
+ logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
while (arg)
arg = strdelim(&cp);
char line[1024];
FILE *f;
+ debug2("read_server_config: filename %s", filename);
f = fopen(filename, "r");
if (!f) {
perror(filename);