- markus@cvs.openbsd.org 2003/05/15 00:28:28
[sshconnect2.c]
cleanup unregister of per-method packet handlers; ok djm@
+ - jakob@cvs.openbsd.org 2003/05/15 01:48:10
+ [readconf.c readconf.h servconf.c servconf.h]
+ always parse kerberos options. ok djm@ markus@
+ - (djm) Always parse UsePAM
- (djm) Configure glue for DNS support (code doesn't work in portable yet)
20030514
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.107 2003/05/14 18:16:20 jakob Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.108 2003/05/15 01:48:10 jakob Exp $");
#include "ssh.h"
#include "xmalloc.h"
oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
-#if defined(KRB4) || defined(KRB5)
- oKerberosAuthentication,
-#endif
-#if defined(AFS) || defined(KRB5)
- oKerberosTgtPassing,
-#endif
-#ifdef AFS
- oAFSTokenPassing,
-#endif
+ oKerberosAuthentication, oKerberosTgtPassing, oAFSTokenPassing,
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
{ "challengeresponseauthentication", oChallengeResponseAuthentication },
{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
-#if defined(KRB4) || defined(KRB5)
{ "kerberosauthentication", oKerberosAuthentication },
-#endif
-#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", oKerberosTgtPassing },
-#endif
-#ifdef AFS
{ "afstokenpassing", oAFSTokenPassing },
-#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
{ "identityfile", oIdentityFile },
case oChallengeResponseAuthentication:
intptr = &options->challenge_response_authentication;
goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
+
case oKerberosAuthentication:
intptr = &options->kerberos_authentication;
goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
+
case oKerberosTgtPassing:
intptr = &options->kerberos_tgt_passing;
goto parse_flag;
-#endif
-#ifdef AFS
+
case oAFSTokenPassing:
intptr = &options->afs_token_passing;
goto parse_flag;
-#endif
+
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
options->afs_token_passing = -1;
-#endif
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
options->pubkey_authentication = 1;
if (options->challenge_response_authentication == -1)
options->challenge_response_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1)
options->kerberos_authentication = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 1;
-#endif
-#ifdef AFS
if (options->afs_token_passing == -1)
options->afs_token_passing = 1;
-#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
-/* $OpenBSD: readconf.h,v 1.48 2003/05/14 18:16:20 jakob Exp $ */
+/* $OpenBSD: readconf.h,v 1.49 2003/05/15 01:48:10 jakob Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
int hostbased_authentication; /* ssh2's rhosts_rsa */
int challenge_response_authentication;
/* Try S/Key or TIS, authentication. */
-#if defined(KRB4) || defined(KRB5)
int kerberos_authentication; /* Try Kerberos authentication. */
-#endif
-#if defined(AFS) || defined(KRB5)
int kerberos_tgt_passing; /* Try Kerberos TGT passing. */
-#endif
-#ifdef AFS
int afs_token_passing; /* Try AFS token passing. */
-#endif
int password_authentication; /* Try password
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.118 2003/04/09 08:23:52 hin Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.119 2003/05/15 01:48:10 jakob Exp $");
#if defined(KRB4)
#include <krb.h>
{
memset(options, 0, sizeof(*options));
-#ifdef USE_PAM
/* Portable-specific options */
options->use_pam = -1;
-#endif
/* Standard Options */
options->num_ports = 0;
options->hostbased_uses_name_from_packet_only = -1;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = -1;
options->kerberos_or_local_passwd = -1;
options->kerberos_ticket_cleanup = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
options->afs_token_passing = -1;
-#endif
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
fill_default_server_options(ServerOptions *options)
{
/* Portable-specific options */
-#ifdef USE_PAM
if (options->use_pam == -1)
- options->use_pam = 1;
-#endif
+ options->use_pam = 0;
/* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1)
options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
options->kerberos_ticket_cleanup = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 0;
-#endif
-#ifdef AFS
if (options->afs_token_passing == -1)
options->afs_token_passing = 0;
-#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
-#if defined(KRB4) || defined(KRB5)
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
-#endif
-#if defined(AFS) || defined(KRB5)
- sKerberosTgtPassing,
-#endif
-#ifdef AFS
- sAFSTokenPassing,
-#endif
- sChallengeResponseAuthentication,
+ sKerberosTgtPassing, sAFSTokenPassing, sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
{ "rsaauthentication", sRSAAuthentication },
{ "pubkeyauthentication", sPubkeyAuthentication },
{ "dsaauthentication", sPubkeyAuthentication }, /* alias */
-#if defined(KRB4) || defined(KRB5)
{ "kerberosauthentication", sKerberosAuthentication },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
{ "kerberosticketcleanup", sKerberosTicketCleanup },
-#endif
-#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", sKerberosTgtPassing },
-#endif
-#ifdef AFS
{ "afstokenpassing", sAFSTokenPassing },
-#endif
{ "passwordauthentication", sPasswordAuthentication },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
{ "challengeresponseauthentication", sChallengeResponseAuthentication },
case sPubkeyAuthentication:
intptr = &options->pubkey_authentication;
goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
+
case sKerberosAuthentication:
intptr = &options->kerberos_authentication;
goto parse_flag;
case sKerberosTicketCleanup:
intptr = &options->kerberos_ticket_cleanup;
goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
+
case sKerberosTgtPassing:
intptr = &options->kerberos_tgt_passing;
goto parse_flag;
-#endif
-#ifdef AFS
+
case sAFSTokenPassing:
intptr = &options->afs_token_passing;
goto parse_flag;
-#endif
case sPasswordAuthentication:
intptr = &options->password_authentication;
-/* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */
+/* $OpenBSD: servconf.h,v 1.60 2003/05/15 01:48:10 jakob Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
int hostbased_uses_name_from_packet_only; /* experimental */
int rsa_authentication; /* If true, permit RSA authentication. */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
-#if defined(KRB4) || defined(KRB5)
int kerberos_authentication; /* If true, permit Kerberos
* authentication. */
int kerberos_or_local_passwd; /* If true, permit kerberos
* /etc/passwd */
int kerberos_ticket_cleanup; /* If true, destroy ticket
* file on logout. */
-#endif
-#if defined(AFS) || defined(KRB5)
int kerberos_tgt_passing; /* If true, permit Kerberos TGT
* passing. */
-#endif
-#ifdef AFS
int afs_token_passing; /* If true, permit AFS token passing. */
-#endif
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
-# Set this to 'yes' to enable PAM keyboard-interactive authentication
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt no
+#UsePAM no
#X11Forwarding no
#X11DisplayOffset 10