Some time back, you reported the following bug against the Debian ssh-krb5
package:
> With more recent versions of ssh-krb5 (3.8.1p1-1 worked, at least; I'd
> guess this broke in 3.8.1p1-4), I am completely unable to delegate
> credentials by any other method than passing -K manually on the command
> line.
>
> My ssh_config reads
>
> Host *.samfundet.no
> GSSAPIDelegateCredentials yes
>
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials no
>
> This worked with 3.8.1p1-1 (and, to a lesser extent, with 3.6.x
> releases), but not anymore.
Later you mentioned that you were using an unqualified hostname to connect
to the host.
I did some testing, and this seems to work as expected for me if the Host
stanzas are matched against literally what was typed on the command line
(so if I use an unqualifed hostname, I have to put an unqualified hostname
in the Host stanza in my config file). This appears to match what's
documented in the ssh_config man page:
Host Restricts the following declarations (up to the next Host key-
word) to be only for those hosts that match one of the patterns
given after the keyword. '*' and '?' can be used as wildcards in
the patterns. A single '*' as a pattern can be used to provide
global defaults for all hosts. The host is the hostname argument
given on the command line (i.e., the name is not converted to a
canonicalized host name before matching).
(the last sentence in particular), and also my experience with other parts
of ssh (like known_hosts).
I think this therefore isn't a bug, although it's a little bit surprising.
It seems to be the intentional and documented behavior of ssh (for reasons
that I can understand).
Let me know if you disagree; otherwise, I'm going to go ahead and close
this bug. Thanks!
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
