1 # |
1 # |
2 # The default value of the GSSAPIAuthentication option is yes in SunSSH, but |
2 # Some options in OpenSSH have different default values from those in SunSSH. |
3 # no in OpenSSH. To make the transition smoother from SunSSH to OpenSSH, we |
3 # To make the transition smoother from SunSSH to OpenSSH, we change default |
4 # change the default value of this option to be yes in OpenSSH also. This is |
4 # values for the following options to be as same as those in SunSSH. |
5 # for Solaris only, we will not contribute back this changes to the upstream. |
5 # |
|
6 # GSSAPIAuthentication (for both server and client) |
|
7 # X11Forwarding (for server) |
|
8 # ForwardX11Trusted (for client) |
|
9 # |
|
10 # This is for Solaris only, we will not contribute back these changes to the |
|
11 # upstream. |
6 # |
12 # |
7 --- orig/readconf.c Thu Sep 4 17:27:04 2014 |
13 --- orig/readconf.c Thu Sep 4 17:27:04 2014 |
8 +++ new/readconf.c Thu Sep 4 17:51:24 2014 |
14 +++ new/readconf.c Tue Sep 9 17:33:50 2014 |
9 @@ -1593,7 +1593,11 @@ |
15 @@ -1575,7 +1575,11 @@ |
|
16 if (options->forward_x11 == -1) |
|
17 options->forward_x11 = 0; |
|
18 if (options->forward_x11_trusted == -1) |
|
19 +#ifdef OPTION_DEFAULT_VALUE |
|
20 + options->forward_x11_trusted = 1; |
|
21 +#else |
|
22 options->forward_x11_trusted = 0; |
|
23 +#endif |
|
24 if (options->forward_x11_timeout == -1) |
|
25 options->forward_x11_timeout = 1200; |
|
26 if (options->exit_on_forward_failure == -1) |
|
27 @@ -1593,7 +1597,11 @@ |
10 if (options->challenge_response_authentication == -1) |
28 if (options->challenge_response_authentication == -1) |
11 options->challenge_response_authentication = 1; |
29 options->challenge_response_authentication = 1; |
12 if (options->gss_authentication == -1) |
30 if (options->gss_authentication == -1) |
13 +#ifdef OPTION_DEFAULT_VALUE |
31 +#ifdef OPTION_DEFAULT_VALUE |
14 + options->gss_authentication = 1; |
32 + options->gss_authentication = 1; |
17 +#endif |
35 +#endif |
18 if (options->gss_deleg_creds == -1) |
36 if (options->gss_deleg_creds == -1) |
19 options->gss_deleg_creds = 0; |
37 options->gss_deleg_creds = 0; |
20 if (options->password_authentication == -1) |
38 if (options->password_authentication == -1) |
21 --- orig/servconf.c Thu Sep 4 17:17:58 2014 |
39 --- orig/servconf.c Thu Sep 4 17:17:58 2014 |
22 +++ new/servconf.c Thu Sep 4 17:50:50 2014 |
40 +++ new/servconf.c Tue Sep 9 17:36:32 2014 |
23 @@ -244,7 +244,11 @@ |
41 @@ -208,7 +208,11 @@ |
|
42 if (options->print_lastlog == -1) |
|
43 options->print_lastlog = 1; |
|
44 if (options->x11_forwarding == -1) |
|
45 +#ifdef OPTION_DEFAULT_VALUE |
|
46 + options->x11_forwarding = 1; |
|
47 +#else |
|
48 options->x11_forwarding = 0; |
|
49 +#endif |
|
50 if (options->x11_display_offset == -1) |
|
51 options->x11_display_offset = 10; |
|
52 if (options->x11_use_localhost == -1) |
|
53 @@ -244,7 +248,11 @@ |
24 if (options->kerberos_get_afs_token == -1) |
54 if (options->kerberos_get_afs_token == -1) |
25 options->kerberos_get_afs_token = 0; |
55 options->kerberos_get_afs_token = 0; |
26 if (options->gss_authentication == -1) |
56 if (options->gss_authentication == -1) |
27 +#ifdef OPTION_DEFAULT_VALUE |
57 +#ifdef OPTION_DEFAULT_VALUE |
28 + options->gss_authentication = 1; |
58 + options->gss_authentication = 1; |
31 +#endif |
61 +#endif |
32 if (options->gss_cleanup_creds == -1) |
62 if (options->gss_cleanup_creds == -1) |
33 options->gss_cleanup_creds = 1; |
63 options->gss_cleanup_creds = 1; |
34 if (options->password_authentication == -1) |
64 if (options->password_authentication == -1) |
35 --- orig/ssh_config.5 Thu Sep 4 17:58:05 2014 |
65 --- orig/ssh_config.5 Thu Sep 4 17:58:05 2014 |
36 +++ new/ssh_config.5 Thu Sep 4 17:59:06 2014 |
66 +++ new/ssh_config.5 Tue Sep 9 17:48:39 2014 |
|
67 @@ -643,8 +643,8 @@ |
|
68 token used for the session will be set to expire after 20 minutes. |
|
69 Remote clients will be refused access after this time. |
|
70 .Pp |
|
71 -The default is |
|
72 -.Dq no . |
|
73 +The default on Solaris is |
|
74 +.Dq yes . |
|
75 .Pp |
|
76 See the X11 SECURITY extension specification for full details on |
|
77 the restrictions imposed on untrusted clients. |
37 @@ -673,8 +673,8 @@ |
78 @@ -673,8 +673,8 @@ |
38 .Pa /etc/ssh/ssh_known_hosts2 . |
79 .Pa /etc/ssh/ssh_known_hosts2 . |
39 .It Cm GSSAPIAuthentication |
80 .It Cm GSSAPIAuthentication |
40 Specifies whether user authentication based on GSSAPI is allowed. |
81 Specifies whether user authentication based on GSSAPI is allowed. |
41 -The default is |
82 -The default is |
44 +.Dq yes . |
85 +.Dq yes . |
45 Note that this option applies to protocol version 2 only. |
86 Note that this option applies to protocol version 2 only. |
46 .It Cm GSSAPIDelegateCredentials |
87 .It Cm GSSAPIDelegateCredentials |
47 Forward (delegate) credentials to the server. |
88 Forward (delegate) credentials to the server. |
48 --- orig/sshd_config.5 Thu Sep 4 17:58:07 2014 |
89 --- orig/sshd_config.5 Thu Sep 4 17:58:07 2014 |
49 +++ new/sshd_config.5 Thu Sep 4 17:59:40 2014 |
90 +++ new/sshd_config.5 Tue Sep 9 17:49:58 2014 |
50 @@ -490,8 +490,8 @@ |
91 @@ -490,8 +490,8 @@ |
51 .Dq no . |
92 .Dq no . |
52 .It Cm GSSAPIAuthentication |
93 .It Cm GSSAPIAuthentication |
53 Specifies whether user authentication based on GSSAPI is allowed. |
94 Specifies whether user authentication based on GSSAPI is allowed. |
54 -The default is |
95 -The default is |
56 +The default on Solaris is |
97 +The default on Solaris is |
57 +.Dq yes . |
98 +.Dq yes . |
58 Note that this option applies to protocol version 2 only. |
99 Note that this option applies to protocol version 2 only. |
59 .It Cm GSSAPICleanupCredentials |
100 .It Cm GSSAPICleanupCredentials |
60 Specifies whether to automatically destroy the user's credentials cache |
101 Specifies whether to automatically destroy the user's credentials cache |
|
102 @@ -1239,8 +1239,8 @@ |
|
103 .Dq yes |
|
104 or |
|
105 .Dq no . |
|
106 -The default is |
|
107 -.Dq no . |
|
108 +The default on Solaris is |
|
109 +.Dq yes . |
|
110 .Pp |
|
111 When X11 forwarding is enabled, there may be additional exposure to |
|
112 the server and to client displays if the |
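Review bot: The new header comment (new lines 2-11) presents the `ForwardX11Trusted` and `X11Forwarding` changes only as a SunSSH compatibility aid, but both relax upstream's security defaults and the patch does not say so. With `options->forward_x11_trusted = 1` in the readconf.c hunk at `@@ -1575,7 +1575,11 @@`, a client that enables X11 forwarding no longer gets the X11 SECURITY extension restrictions that the ssh_config.5 text in this same patch describes for untrusted clients. With `options->x11_forwarding = 1` in servconf.c, the server accepts forwarding unless the administrator turns it off. I would add a line to the header such as `# Note: these defaults are less restrictive than upstream; set "ForwardX11Trusted no" / "X11Forwarding no" explicitly where SunSSH-compatible X11 behaviour is not needed.` and repeat that hint next to "The default on Solaris is" in both man pages. The definition of `OPTION_DEFAULT_VALUE` is not visible here; if it is shared with unrelated defaults, a name specific to the SunSSH-compatible defaults would make the relaxed settings easier to audit.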