equal
deleted
inserted
replaced
|
1 # |
|
2 # GSSAPIStrictAcceptorCheck should default to yes as documented |
|
3 # |
|
4 # When GSSAPIStrictAcceptorCheck is not explicitely specified in sshd_config, |
|
5 # the default value should be yes. It is documented in sshd_config(5) this |
|
6 # way and it preserves original behavior. |
|
7 # |
|
8 # Also GSSAPIStrictAcceptorCheck=no interacts poorly with GSSAPIKeyExchange, |
|
9 # where it make the server willing to negotiate GSS-API key exchange, although |
|
10 # no keytab was provided. |
|
11 # |
|
12 # Patch source: in-house |
|
13 # Reported upstream: |
|
14 # https://bugzilla.mindrot.org/show_bug.cgi?id=2637 |
|
15 # |
|
16 diff -pur old/servconf.c new/servconf.c |
|
17 --- old/servconf.c |
|
18 +++ new/servconf.c |
|
19 @@ -323,7 +323,7 @@ fill_default_server_options(ServerOption |
|
20 if (options->gss_cleanup_creds == -1) |
|
21 options->gss_cleanup_creds = 1; |
|
22 if (options->gss_strict_acceptor == -1) |
|
23 - options->gss_strict_acceptor = 0; |
|
24 + options->gss_strict_acceptor = 1; |
|
25 if (options->password_authentication == -1) |
|
26 options->password_authentication = 1; |
|
27 if (options->kbd_interactive_authentication == -1) |