11 # upstream. |
11 # upstream. |
12 # |
12 # |
13 diff -pur old/readconf.c new/readconf.c |
13 diff -pur old/readconf.c new/readconf.c |
14 --- old/readconf.c |
14 --- old/readconf.c |
15 +++ new/readconf.c |
15 +++ new/readconf.c |
16 @@ -1803,7 +1803,11 @@ fill_default_options(Options * options) |
16 @@ -1936,7 +1936,11 @@ fill_default_options(Options * options) |
17 if (options->forward_x11 == -1) |
17 if (options->forward_x11 == -1) |
18 options->forward_x11 = 0; |
18 options->forward_x11 = 0; |
19 if (options->forward_x11_trusted == -1) |
19 if (options->forward_x11_trusted == -1) |
20 +#ifdef OPTION_DEFAULT_VALUE |
20 +#ifdef OPTION_DEFAULT_VALUE |
21 + options->forward_x11_trusted = 1; |
21 + options->forward_x11_trusted = 1; |
22 +#else |
22 +#else |
23 options->forward_x11_trusted = 0; |
23 options->forward_x11_trusted = 0; |
24 +#endif |
24 +#endif |
25 if (options->forward_x11_timeout == -1) |
25 if (options->forward_x11_timeout == -1) |
26 options->forward_x11_timeout = 1200; |
26 options->forward_x11_timeout = 1200; |
27 if (options->exit_on_forward_failure == -1) |
27 /* |
28 @@ -1825,7 +1829,11 @@ fill_default_options(Options * options) |
28 @@ -1969,7 +1973,11 @@ fill_default_options(Options * options) |
29 if (options->challenge_response_authentication == -1) |
29 if (options->challenge_response_authentication == -1) |
30 options->challenge_response_authentication = 1; |
30 options->challenge_response_authentication = 1; |
31 if (options->gss_authentication == -1) |
31 if (options->gss_authentication == -1) |
32 +#ifdef OPTION_DEFAULT_VALUE |
32 +#ifdef OPTION_DEFAULT_VALUE |
33 + options->gss_authentication = 1; |
33 + options->gss_authentication = 1; |
38 options->gss_deleg_creds = 0; |
38 options->gss_deleg_creds = 0; |
39 if (options->password_authentication == -1) |
39 if (options->password_authentication == -1) |
40 diff -pur old/servconf.c new/servconf.c |
40 diff -pur old/servconf.c new/servconf.c |
41 --- old/servconf.c |
41 --- old/servconf.c |
42 +++ new/servconf.c |
42 +++ new/servconf.c |
43 @@ -265,7 +265,11 @@ fill_default_server_options(ServerOption |
43 @@ -249,7 +249,11 @@ fill_default_server_options(ServerOption |
44 if (options->print_lastlog == -1) |
44 if (options->print_lastlog == -1) |
45 options->print_lastlog = 1; |
45 options->print_lastlog = 1; |
46 if (options->x11_forwarding == -1) |
46 if (options->x11_forwarding == -1) |
47 +#ifdef OPTION_DEFAULT_VALUE |
47 +#ifdef OPTION_DEFAULT_VALUE |
48 + options->x11_forwarding = 1; |
48 + options->x11_forwarding = 1; |
50 options->x11_forwarding = 0; |
50 options->x11_forwarding = 0; |
51 +#endif |
51 +#endif |
52 if (options->x11_display_offset == -1) |
52 if (options->x11_display_offset == -1) |
53 options->x11_display_offset = 10; |
53 options->x11_display_offset = 10; |
54 if (options->x11_use_localhost == -1) |
54 if (options->x11_use_localhost == -1) |
55 @@ -303,7 +307,11 @@ fill_default_server_options(ServerOption |
55 @@ -283,7 +287,11 @@ fill_default_server_options(ServerOption |
56 if (options->kerberos_get_afs_token == -1) |
56 if (options->kerberos_get_afs_token == -1) |
57 options->kerberos_get_afs_token = 0; |
57 options->kerberos_get_afs_token = 0; |
58 if (options->gss_authentication == -1) |
58 if (options->gss_authentication == -1) |
59 +#ifdef OPTION_DEFAULT_VALUE |
59 +#ifdef OPTION_DEFAULT_VALUE |
60 + options->gss_authentication = 1; |
60 + options->gss_authentication = 1; |
65 options->gss_cleanup_creds = 1; |
65 options->gss_cleanup_creds = 1; |
66 if (options->gss_strict_acceptor == -1) |
66 if (options->gss_strict_acceptor == -1) |
67 diff -pur old/ssh_config.5 new/ssh_config.5 |
67 diff -pur old/ssh_config.5 new/ssh_config.5 |
68 --- old/ssh_config.5 |
68 --- old/ssh_config.5 |
69 +++ new/ssh_config.5 |
69 +++ new/ssh_config.5 |
70 @@ -802,8 +802,8 @@ Furthermore, the |
70 @@ -714,12 +714,11 @@ The default is to disable untrusted X11 |
71 token used for the session will be set to expire after 20 minutes. |
71 elapsed. |
72 Remote clients will be refused access after this time. |
72 .It Cm ForwardX11Trusted |
|
73 If this option is set to |
|
74 -.Cm yes , |
|
75 +.Cm yes (the default on Solaris), |
|
76 remote X11 clients will have full access to the original X11 display. |
73 .Pp |
77 .Pp |
74 -The default is |
78 If this option is set to |
75 -.Dq no . |
79 -.Cm no |
76 +The default on Solaris is |
80 -(the default), |
77 +.Dq yes . |
81 +.Cm no, |
78 .Pp |
82 remote X11 clients will be considered untrusted and prevented |
79 See the X11 SECURITY extension specification for full details on |
83 from stealing or tampering with data belonging to trusted X11 |
80 the restrictions imposed on untrusted clients. |
84 clients. |
81 @@ -832,8 +832,8 @@ The default is |
85 @@ -754,8 +753,8 @@ The default is |
82 .Pa /etc/ssh/ssh_known_hosts2 . |
86 .Pa /etc/ssh/ssh_known_hosts2 . |
83 .It Cm GSSAPIAuthentication |
87 .It Cm GSSAPIAuthentication |
84 Specifies whether user authentication based on GSSAPI is allowed. |
88 Specifies whether user authentication based on GSSAPI is allowed. |
85 -The default is |
89 -The default is |
86 -.Dq no . |
90 -.Cm no . |
87 +The default on Solaris is |
91 +The default on Solaris is |
88 +.Dq yes . |
92 +.Cm yes . |
89 .It Cm GSSAPIDelegateCredentials |
93 .It Cm GSSAPIDelegateCredentials |
90 Forward (delegate) credentials to the server. |
94 Forward (delegate) credentials to the server. |
91 The default is |
95 The default is |
92 diff -pur old/sshd_config.5 new/sshd_config.5 |
96 diff -pur old/sshd_config.5 new/sshd_config.5 |
93 --- old/sshd_config.5 |
97 --- old/sshd_config.5 |
94 +++ new/sshd_config.5 |
98 +++ new/sshd_config.5 |
95 @@ -621,8 +621,8 @@ The default is |
99 @@ -621,8 +621,8 @@ The default is |
96 .Dq no . |
100 .Cm no . |
97 .It Cm GSSAPIAuthentication |
101 .It Cm GSSAPIAuthentication |
98 Specifies whether user authentication based on GSSAPI is allowed. |
102 Specifies whether user authentication based on GSSAPI is allowed. |
99 -The default is |
103 -The default is |
100 -.Dq no . |
104 -.Cm no . |
101 +The default on Solaris is |
105 +The default on Solaris is |
102 +.Dq yes . |
106 +.Cm yes . |
103 .It Cm GSSAPICleanupCredentials |
107 .It Cm GSSAPICleanupCredentials |
104 Specifies whether to automatically destroy the user's credentials cache |
108 Specifies whether to automatically destroy the user's credentials cache |
105 on logout. |
109 on logout. |
106 @@ -1637,8 +1637,8 @@ The argument must be |
110 @@ -1527,8 +1527,8 @@ The argument must be |
107 .Dq yes |
111 .Cm yes |
108 or |
112 or |
109 .Dq no . |
113 .Cm no . |
110 -The default is |
114 -The default is |
111 -.Dq no . |
115 -.Cm no . |
112 +The default on Solaris is |
116 +The default on Solaris is |
113 +.Dq yes . |
117 +.Cm yes . |
114 .Pp |
118 .Pp |
115 When X11 forwarding is enabled, there may be additional exposure to |
119 When X11 forwarding is enabled, there may be additional exposure to |
116 the server and to client displays if the |
120 the server and to client displays if the |