Mercurial Mercurial > upstream > oracle > userland-gate / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
19570656 GSSAPIAuthentication option should default to yes
authorHuie-Ying Lee <huieying.lee@oracle.com>
Mon, 08 Sep 2014 14:25:08 -0700
changeset 2072 a9add2444420
parent 2071 521c7d4794e9
child 2073 3fb5ed4f42cd
19570656 GSSAPIAuthentication option should default to yes
components/openssh/Makefile file | annotate | diff | comparison | revisions
components/openssh/patches/017-option_default_value.patch file | annotate | diff | comparison | revisions 
--- a/components/openssh/Makefile	Fri Sep 05 11:42:19 2014 -0600
+++ b/components/openssh/Makefile	Mon Sep 08 14:25:08 2014 -0700
@@ -47,7 +47,17 @@
 # Enable ASLR for this component
 ASLR_MODE = $(ASLR_ENABLE)
 
-CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS) -DSET_USE_PAM -DDEPRECATE_SUNSSH_OPT -DKRB5_BUILD_FIX -DAUE_openssh=6172 -DDTRACE_SFTP -DDISABLE_BANNER -DPAM_ENHANCEMENT -DPAM_BUGFIX"
+CFLAGS += -DSET_USE_PAM
+CFLAGS += -DDEPRECATE_SUNSSH_OPT
+CFLAGS += -DKRB5_BUILD_FIX
+CFLAGS += -DAUE_openssh=6172
+CFLAGS += -DDTRACE_SFTP
+CFLAGS += -DDISABLE_BANNER
+CFLAGS += -DPAM_ENHANCEMENT
+CFLAGS += -DPAM_BUGFIX
+CFLAGS += -DOPTION_DEFAULT_VALUE
+
+CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)" 
 
 # We need to disable lazyloading of dynamic dependent libraries. During the
 # pre-authentication phase, sshd will chroot to /var/empty which doesn't
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/017-option_default_value.patch	Mon Sep 08 14:25:08 2014 -0700
@@ -0,0 +1,60 @@
+#
+# The default value of the GSSAPIAuthentication option is yes in SunSSH, but
+# no in OpenSSH. To make the transition smoother from SunSSH to OpenSSH, we 
+# change the default value of this option to be yes in OpenSSH also. This is
+# for Solaris only, we will not contribute back this changes to the upstream.
+#
+--- orig/readconf.c	Thu Sep  4 17:27:04 2014
++++ new/readconf.c	Thu Sep  4 17:51:24 2014
[email protected]@ -1593,7 +1593,11 @@
+ 	if (options->challenge_response_authentication == -1)
+ 		options->challenge_response_authentication = 1;
+ 	if (options->gss_authentication == -1)
++#ifdef OPTION_DEFAULT_VALUE
++		options->gss_authentication = 1;
++#else
+ 		options->gss_authentication = 0;
++#endif
+ 	if (options->gss_deleg_creds == -1)
+ 		options->gss_deleg_creds = 0;
+ 	if (options->password_authentication == -1)
+--- orig/servconf.c	Thu Sep  4 17:17:58 2014
++++ new/servconf.c	Thu Sep  4 17:50:50 2014
[email protected]@ -244,7 +244,11 @@
+ 	if (options->kerberos_get_afs_token == -1)
+ 		options->kerberos_get_afs_token = 0;
+ 	if (options->gss_authentication == -1)
++#ifdef OPTION_DEFAULT_VALUE
++		options->gss_authentication = 1;
++#else
+ 		options->gss_authentication = 0;
++#endif
+ 	if (options->gss_cleanup_creds == -1)
+ 		options->gss_cleanup_creds = 1;
+ 	if (options->password_authentication == -1)
+--- orig/ssh_config.5	Thu Sep  4 17:58:05 2014
++++ new/ssh_config.5	Thu Sep  4 17:59:06 2014
[email protected]@ -673,8 +673,8 @@
+ .Pa /etc/ssh/ssh_known_hosts2 .
+ .It Cm GSSAPIAuthentication
+ Specifies whether user authentication based on GSSAPI is allowed.
+-The default is
+-.Dq no .
++The default on Solaris is
++.Dq yes .
+ Note that this option applies to protocol version 2 only.
+ .It Cm GSSAPIDelegateCredentials
+ Forward (delegate) credentials to the server.
+--- orig/sshd_config.5	Thu Sep  4 17:58:07 2014
++++ new/sshd_config.5	Thu Sep  4 17:59:40 2014
[email protected]@ -490,8 +490,8 @@
+ .Dq no .
+ .It Cm GSSAPIAuthentication
+ Specifies whether user authentication based on GSSAPI is allowed.
+-The default is
+-.Dq no .
++The default on Solaris is
++.Dq yes .
+ Note that this option applies to protocol version 2 only.
+ .It Cm GSSAPICleanupCredentials
+ Specifies whether to automatically destroy the user's credentials cache
upstream/oracle/userland-gate