- markus@cvs.openbsd.org 2002/04/22 06:15:47
[radix.c]
fix check for overflow
+ - markus@cvs.openbsd.org 2002/04/22 16:16:53
+ [servconf.c sshd.8 sshd_config]
+ do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
20020421
- (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.106 2002/04/20 09:02:03 deraadt Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.107 2002/04/22 16:16:53 markus Exp $");
#if defined(KRB4)
#include <krb.h>
options->pubkey_authentication = 1;
#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1)
- options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
+ options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.177 2002/04/21 16:19:27 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.178 2002/04/22 16:16:53 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
To use this option, the server needs a
Kerberos servtab which allows the verification of the KDC's identity.
Default is
-.Dq yes .
+.Dq no .
.It Cm KerberosOrLocalPasswd
If set then if password authentication through Kerberos fails then
the password will be validated via any additional local mechanism
-# $OpenBSD: sshd_config,v 1.50 2002/04/21 16:19:27 stevesk Exp $
+# $OpenBSD: sshd_config,v 1.51 2002/04/22 16:16:53 markus Exp $
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
#ChallengeResponseAuthentication yes
# Kerberos options
-# KerberosAuthentication automatically enabled if keyfile exists
-#KerberosAuthentication yes
+#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes