thanks Date: Tue, 08 May 2007 10:37:38 -0400 In-Reply-To: <[EMAIL PROTECTED]> (Jon DeVree's message of "Tue, 8 May 2007 03:20:41 -0400") Message-ID: <[EMAIL PROTECTED]> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii
Ah. I think I have an idea here. First, I'd strongly recommend pam_krb5 instead of KerberosAuthentication in sshd_config. But I believe I can fix the problem you're seeing there too. If you get a chance to try the following patch it would be appreciated. If you aren't sufficiently familiar building Debian packages I'll try to upload this reasonably soon. Index: src/include/k5-int.h =================================================================== --- src/include/k5-int.h (revision 19537) +++ src/include/k5-int.h (revision 19538) @@ -1048,9 +1048,9 @@ #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000 #define krb5_gic_opt_is_extended(s) \ - (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0) + ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0) #define krb5_gic_opt_is_shadowed(s) \ - (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0) + ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0) typedef struct _krb5_gic_opt_private { Index: src/lib/krb5/krb/gic_opt.c =================================================================== --- src/lib/krb5/krb/gic_opt.c (revision 19537) +++ src/lib/krb5/krb/gic_opt.c (revision 19538) @@ -206,8 +206,18 @@ oe = krb5int_gic_opte_alloc(context); if (NULL == oe) return ENOMEM; - memcpy(oe, opt, sizeof(*opt)); - /* Fix these -- overwritten by the copy */ + + if (opt) + memcpy(oe, opt, sizeof(*opt)); + + /* + * Fix the flags -- the EXTENDED flag would have been + * overwritten by the copy if there was one. The + * SHADOWED flag is necessary to ensure that the + * krb5_gic_opt_ext structure that was allocated + * here will be freed by the library because the + * application is unaware of its existence. + */ oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED | KRB5_GET_INIT_CREDS_OPT_SHADOWED); Property changes on: . ___________________________________________________________________ Name: svk:merge - 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:20009 304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581 dc483132-0cff-0310-8789-dd5450dbe970:/trunk:18744 + 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:20016 304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581 dc483132-0cff-0310-8789-dd5450dbe970:/trunk:18744 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]