Bug 190030

Summary: Minor inconsistency in sshd_config-file
Product: [Retired] Fedora Legacy Reporter: Stefan Neufeind <redhat>
Component: opensshAssignee: Fedora Legacy Bugs <bugs>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: medium    
Version: unspecified   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-04-26 22:30:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stefan Neufeind 2006-04-26 20:06:04 UTC 
Minor bug in ssh/sshd_config of openssh-server-3.9p1-8.0.4.legacy:


# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes


should surely be:
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials no
GSSAPICleanupCredentials yes

(second last line needs a "no" to be consistent)
Comment 1 Marc Deslauriers 2006-04-26 20:43:45 UTC 
To be consistent with what?

The commented options are the default values the openssh daemon uses if it
doesn't find the item in the config file. Are you saying the openssh daemon sets
GSSAPICleanupCredentials to no when the option is not present in the config file?
Comment 2 Stefan Neufeind 2006-04-26 20:50:45 UTC 
There is one line with comment, below one without - I guess for you to easily
"switch" those two lines. The latest two lines however are the same (both yes).
So either maybe we drop the duplicate lines or at least make the commented out
pairs "the same" (one no, one yes).

Or am I wrong?
Comment 3 Marc Deslauriers 2006-04-26 21:00:55 UTC 
They aren't there to be able to "switch" between them. From the top of the
config file:

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

The option that's commented out tells us what the daemon's default value is if
the config item is not present in the config file. The option that's active
overrides the default value.

In other words, GSSAPICleanupCredentials is set to "yes" by default. It is also
set to "yes" by the uncommented line of the config file.

GSSAPIAuthentication is set to "no" by default when the daemon starts up, but
it's overridden to "yes" because of the uncommented line in the config file.