Re: sshd, Tiger and KRB5CCNAME



On Aug 29, 2006, at 10:13 AM, Simon Wilkinson wrote:


On 25 Aug 2006, at 19:58, Alexandra Ellwood wrote:


Is the CCAPI patch even in what went out in the Tiger security
update? AFAICT, it's not, so perhaps the machines where it isn't
working have taken the update and the others have not.

No, it is. It looks like the Tiger security update combines the 4.2p1
OpenSSH release, with the latest version of my GSSAPI patches. These
patches included CCAPI support, but had a mistake where 'FILE:' was
appended to the ccname when creating the environment variable for the
ccache, rather than using 'API:'. You can get access to the delegated
cache by either changing, or unsetting, your KRB5CCNAME shell variable

GssapiKeyExchange is also present, but is now hidden behind an option
defaulting to off.



Just a quick reminder to everyone being impacted by this issue:

If you would like to see this fixed, please take a moment to file a
bug report at <http://bugreport.apple.com/>. If you don't file a
bug, Apple won't know this is a serious problem and is unlikely to
fix it promptly. Even if your bug gets filed as a duplicate, you'll
be added to the list of impacted people and thus increase the bug's
priority. If you're a large site, telling your Apple sales
representatives that your bug report is a serious issue for your site
can also help.

Discussing it on this list may cause patches to get generated, but it
doesn't actually get those patches into a software update. :-)



--lxs

Alexandra Ellwood <lxs@xxxxxxx>
MIT Kerberos Development Team
<http://mit.edu/lxs/www>


________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos

.

Relevant Pages