Bug 17845 - openssh sshd config file error
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.0
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Tomas Mraz
Reported: 2000-09-26 03:29 UTC by Seth Vidal
Modified: 2007-04-18 16:28 UTC (History)
Last Closed: 2005-02-02 15:59:01 UTC

Description Seth Vidal 2000-09-26 03:29:48 UTC
Hi, the sshd_config file in /etc/ssh contains the following lines:
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd no 
#AFSTokenPassing no
#KerberosTicketCleanup no

Uncommenting these lines will cause an error claiming that the
configuration directives are incorrect.
 
This appears to be a brokenness in openssh - not in your build of it.

However ssh'ing into a configured kerberos system does not succeed while
using login from the same system on the same account does.

I've checked the pam config for both and b/c of system-auth (pam_stack)
they are both using more or less the same rules (excluding ssh's use of
pam_limit).

Nevertheless, something is broken - I'll relate more as I know it.

Thanks

Comment 1 Pekka Savola 2000-09-26 18:45:18 UTC
This is a feature or "feature" of OpenSSH.

If certain options (I tried AFSTokenPassing and KerberosTgtPassing myself, a month or two ago)
aren't enabled at compile time, sshd will barf if they're used -- those won't be recognized at all.
This isn't how it's usually done, I think.

-- e.g. from servconf.c ---
[ ... ]
#ifdef KRB4
        oKerberosAuthentication,
#endif /* KRB4 */
#ifdef AFS
        oKerberosTgtPassing, oAFSTokenPassing,
#endif
[ ... ]
---
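
Added example (not part of the original comment and not OpenSSH source): a minimal keyword table showing why a directive gated by #ifdef is rejected as unknown when the feature is compiled out. The type and function names, the "tolerant" table and the sample config are hypothetical; "tolerant" is one assumed alternative that keeps the keyword known and marks it unsupported.

```c
/* Added illustration, not OpenSSH source; all names here are hypothetical. */
#include <stdio.h>
#include <strings.h>

/* Model a build without AFS support. */
#undef AFS
typedef enum { oBadOption, oUnsupported, oPort, oKerberosTgtPassing, oAFSTokenPassing } opcode;
struct keyword { const char *name; opcode op; };

/* Pattern from the servconf.c excerpt: keywords exist only if compiled in. */
static const struct keyword gated[] = {
    { "port", oPort },
#ifdef AFS
    { "kerberostgtpassing", oKerberosTgtPassing }, { "afstokenpassing", oAFSTokenPassing },
#endif
    { NULL, oBadOption }
};

/* Assumed alternative: keywords always known, flagged unsupported if left out. */
static const struct keyword tolerant[] = {
    { "port", oPort },
#ifdef AFS
    { "kerberostgtpassing", oKerberosTgtPassing }, { "afstokenpassing", oAFSTokenPassing },
#else
    { "kerberostgtpassing", oUnsupported }, { "afstokenpassing", oUnsupported },
#endif
    { NULL, oBadOption }
};

/* Constructed sample config (5 lines) with two gated directives uncommented. */
static const char *sample[] = { "# To change Kerberos options", "Port 22",
    "KerberosTgtPassing no", "", "AFSTokenPassing no" };

/* Count non-comment, non-blank lines whose keyword resolves to `want`. */
int count_op(const struct keyword *tab, const char **lines, int n, opcode want) {
    int hits = 0;
    for (int i = 0; i < n; i++) {
        char kw[64];
        if (sscanf(lines[i], "%63s", kw) != 1 || kw[0] == '#') continue;
        const struct keyword *k = tab;
        while (k->name && strcasecmp(k->name, kw) != 0) k++;
        hits += (k->op == want);   /* the sentinel entry carries oBadOption */
    }
    return hits;
}

int main(void) {
    printf("gated rejects %d lines, tolerant rejects %d\n",
           count_op(gated, sample, 5, oBadOption), count_op(tolerant, sample, 5, oBadOption));
    return 0;
}
```

With the gated table a parser has no way to tell a typo from a known directive whose feature was left out of the build, so both surface as the same configuration error.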

Comment 2 Nalin Dahyabhai 2000-10-02 01:12:42 UTC
OpenSSH doesn't yet support Kerberos 5 for authentication, and we're trying to
stay away from using Kerberos IV auth for anything in the distribution.  Local
testing shows that sshd with PAM and pam_krb5 does operate correctly, so I'm not
sure what to make of Seth's results otherwise.

Comment 3 Tomas Mraz 2005-02-02 15:59:01 UTC
This doesn't seem to me to be a real bug (see comment #1, and comment #2).
Maybe we could patch out the commented options from the config file
but it doesn't seem to me to be worth the patch.


