diff options
| author | Damien Miller <djm@mindrot.org> | 2002-04-23 13:04:51 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-04-23 13:04:51 +0200 |
| commit | d7de14b6ada79812cf3a1ceb8f921d92d4d180be (patch) | |
| tree | c8750db01fe0d8b47ad3aafd68165ccd6b523197 | |
| parent | - markus@cvs.openbsd.org 2002/04/22 06:15:47 (diff) | |
| download | openssh-d7de14b6ada79812cf3a1ceb8f921d92d4d180be.tar.xz openssh-d7de14b6ada79812cf3a1ceb8f921d92d4d180be.zip | |
- markus@cvs.openbsd.org 2002/04/22 16:16:53
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | servconf.c | 4 | ||||
| -rw-r--r-- | sshd.8 | 4 | ||||
| -rw-r--r-- | sshd_config | 5 |
4 files changed, 10 insertions, 8 deletions
@@ -21,6 +21,9 @@ - markus@cvs.openbsd.org 2002/04/22 06:15:47 [radix.c] fix check for overflow + - markus@cvs.openbsd.org 2002/04/22 16:16:53 + [servconf.c sshd.8 sshd_config] + do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@ 20020421 - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0). @@ -8287,4 +8290,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.2068 2002/04/23 11:00:33 djm Exp $ +$Id: ChangeLog,v 1.2069 2002/04/23 11:04:51 djm Exp $ diff --git a/servconf.c b/servconf.c index 5172813ec..4b5b406a7 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.106 2002/04/20 09:02:03 deraadt Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.107 2002/04/22 16:16:53 markus Exp $"); #if defined(KRB4) #include <krb.h> @@ -200,7 +200,7 @@ fill_default_server_options(ServerOptions *options) options->pubkey_authentication = 1; #if defined(KRB4) || defined(KRB5) if (options->kerberos_authentication == -1) - options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); + options->kerberos_authentication = 0; if (options->kerberos_or_local_passwd == -1) options->kerberos_or_local_passwd = 1; if (options->kerberos_ticket_cleanup == -1) @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.177 2002/04/21 16:19:27 stevesk Exp $ +.\" $OpenBSD: sshd.8,v 1.178 2002/04/22 16:16:53 markus Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -571,7 +571,7 @@ the Kerberos KDC. To use this option, the server needs a Kerberos servtab which allows the verification of the KDC's identity. Default is -.Dq yes . +.Dq no . .It Cm KerberosOrLocalPasswd If set then if password authentication through Kerberos fails then the password will be validated via any additional local mechanism diff --git a/sshd_config b/sshd_config index a6b148bc9..d55a9e68c 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.50 2002/04/21 16:19:27 stevesk Exp $ +# $OpenBSD: sshd_config,v 1.51 2002/04/22 16:16:53 markus Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. @@ -60,8 +60,7 @@ #ChallengeResponseAuthentication yes # Kerberos options -# KerberosAuthentication automatically enabled if keyfile exists -#KerberosAuthentication yes +#KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes |