assar
116337ea17
(do_authloop): handle !KRB4 && KRB5
2001-06-16 07:44:17 +00:00
markm
5fa9d6f739
Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does
...
not imply that you want, need or have kerberosIV headers.
2001-06-15 08:12:31 +00:00
green
fdb0c1688a
Enable Kerberos 5 support in sshd again.
2001-06-12 03:43:47 +00:00
green
45d207659b
Switch to the user's uid before attempting to unlink the auth forwarding
...
file, nullifying the effects of a race.
Obtained from: OpenBSD
2001-06-08 22:22:09 +00:00
obrien
a26134411c
Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason.
2001-05-24 07:22:08 +00:00
dillon
0c1af1bd68
Oops, forgot the 'u' in the getopt for the previous commit.
2001-05-24 00:14:19 +00:00
dillon
9ff666d52d
A feature to allow one to telnet to a unix domain socket. (MFC from
...
non-crypto version)
Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.
Obtained from: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
2001-05-23 22:54:07 +00:00
kris
445c7928a1
Resolve conflicts
2001-05-20 03:17:35 +00:00
kris
d8a086ad88
This commit was generated by cvs2svn to compensate for changes in r76866,
...
which included commits to RCS files with non-trunk default branches.
2001-05-20 03:07:21 +00:00
kris
12896e829e
Initial import of OpenSSL 0.9.6a
2001-05-20 03:07:21 +00:00
obrien
bac609c202
Restore the RSA host key to /etc/ssh/ssh_host_key.
...
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
2001-05-18 18:10:02 +00:00
nsayer
e25576d211
Make the PAM user-override actually override the correect thing.
2001-05-17 16:28:11 +00:00
peter
859d222e45
Back out last commit. This was already fixed. This should never have
...
happened, this is why we have commit mail expressly delivered to
committers.
2001-05-17 03:14:42 +00:00
peter
fdd845cf6b
Fix the latest telnet breakage. Obviously this was never compiled.
2001-05-17 03:13:00 +00:00
nsayer
295844e3ff
Since the root-on-insecure-tty code was added to telnetd, a dependency
...
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
2001-05-16 20:34:42 +00:00
nsayer
02a47b1303
Make sure the protocol actively rejects bad data rather than
...
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
nsayer
280add2b35
srandomdev() affords us the opportunity to radically improve, and at the
...
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
nsayer
ca01fb27dc
Catch any attempted buffer overflows. The magic numbers in this code
...
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.
Submitted by: kris
2001-05-16 18:27:09 +00:00
nsayer
ce94eedfd7
Catch malloc return failures. This should help avoid dereferencing NULL on
...
low-memory situations.
Submitted by: kris
2001-05-16 18:17:55 +00:00
peter
6125cb47e3
Hack to work around braindeath in libtelnet:sra.c. The sra.o file
...
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
nsayer
2bdf180df8
If the uid of the attempted authentication is 0 and if the pty is
...
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
green
a407780211
If a host would exceed 16 characters in the utmp entry, record only
...
it's IP address/base host instead.
Submitted by: brian
2001-05-15 01:50:40 +00:00
ru
3add9296c0
mdoc(7) police: finished fixing conflicts in revision 1.18.
2001-05-14 18:13:34 +00:00
markm
cdb0cb9ccd
Fix make world in the kerberosIV case.
2001-05-11 09:36:17 +00:00
assar
afb22517a4
merge imported changes into HEAD
2001-05-11 00:14:02 +00:00
alfred
bd16bfd06f
Fix some of the handling in the pam module, don't unregister things
...
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.
Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
2001-05-09 03:40:37 +00:00
green
9c961719a9
Since PAM is broken, let pam_setcred() failure be non-fatal.
2001-05-08 22:30:18 +00:00
assar
b9733926af
This commit was generated by cvs2svn to compensate for changes in r76371,
...
which included commits to RCS files with non-trunk default branches.
2001-05-08 14:57:13 +00:00
assar
06c859ecf5
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
assar
a4ee56e2bb
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
nsayer
b47830be3e
Pointy hat fix -- reapply the SRA PAM patch. To -current this time.
2001-05-07 20:42:02 +00:00
green
3f59c74031
sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.
2001-05-05 13:48:13 +00:00
green
094816f4b2
Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
...
(Missing Delta Brigade, tally-ho!)
2001-05-05 01:12:45 +00:00
green
729aac1a81
Get ssh(1) compiling with MAKE_KERBEROS5.
2001-05-04 04:37:49 +00:00
green
d1f65ecd2b
Remove obsoleted files.
2001-05-04 04:15:22 +00:00
green
119a11eb6b
Fix conflicts for OpenSSH 2.9.
2001-05-04 04:14:23 +00:00
green
08fd06354d
This commit was generated by cvs2svn to compensate for changes in r76259,
...
which included commits to RCS files with non-trunk default branches.
2001-05-04 03:57:05 +00:00
green
8acd87ac47
Say "hi" to the latest in the OpenSSH series, version 2.9!
...
Happy birthday to: rwatson
2001-05-04 03:57:05 +00:00
green
461d7e1472
Add a "VersionAddendum" configuration setting for sshd which allows
...
anyone to easily change the part of the OpenSSH version after the main
version number. The FreeBSD-specific version banner could be disabled
that way, for example:
# Call ourselves plain OpenSSH
VersionAddendum
2001-05-03 00:29:28 +00:00
green
6d6d6e45ee
Backout completely canonical lookup modifications.
2001-05-03 00:26:47 +00:00
markm
10249e46a3
Toss into attic stuff we don't use.
2001-04-14 09:48:26 +00:00
ru
8e59fdc98e
mdoc(7) police: removed hard sentence breaks introduced in rev.1.10.
2001-04-13 08:49:52 +00:00
nsayer
311a1c9e61
Clean up telnet's argument processing a bit. autologin and encryption is
...
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
2001-04-06 15:56:10 +00:00
nsayer
66051d03dc
Reactivate SRA.
...
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
green
b9a62213ae
Suggested by kris, OpenSSH shall have a version designated to note that
...
it's not "plain" OpenSSH 2.3.0.
2001-03-20 02:11:25 +00:00
green
e1c06db961
Make password attacks based on traffic analysis harder by requiring that
...
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.
Obtained from: OpenBSD
2001-03-20 02:06:40 +00:00
nsayer
392858ffd3
Fix core noted in -stable with 'auth disable SRA'.
...
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
asmodai
355885cfa7
Fix double mention of ssh.
...
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.
PR: 25743
Submitted by: David Wolfskill <dhw@whistle.com>
2001-03-15 09:24:40 +00:00
green
8b51db0ce8
Don't dump core when an attempt is made to login using protocol 2 with
...
an invalid user name.
2001-03-15 03:15:18 +00:00
assar
95047bd0c5
(try_krb5_authentication): simplify code. from joda@netbsd.org
2001-03-13 04:42:38 +00:00