rpms/openssh
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gssapi credentials need to be stored before a pam session opened (#987792)

Browse Source
This commit is contained in:
Petr Lautrbach 2013-07-31 13:40:20 +02:00
parent 115aad3f92
commit b20efed7e1
1 changed files with 0 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
openssh-6.2p1-gsskex.patch
View File

@ -2846,35 +2846,6 @@ diff -up openssh-6.2p1/sshd.c.gsskex openssh-6.2p1/sshd.c
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
@@ -2139,14 +2200,6 @@ main(int ac, char **av)
#ifdef SSH_AUDIT_EVENTS
audit_event(SSH_AUTH_SUCCESS);
#endif
-
-#ifdef GSSAPI
- if (options.gss_authentication) {
- temporarily_use_uid(authctxt->pw);
- ssh_gssapi_storecreds();
- restore_uid();
- }
-#endif
#ifdef WITH_SELINUX
ssh_selinux_setup_exec_context(authctxt->pw->pw_name);
#endif
@@ -2156,6 +2209,13 @@ main(int ac, char **av)
do_pam_session();
}
#endif
+#ifdef GSSAPI
+ if (options.gss_authentication) {
+ temporarily_use_uid(authctxt->pw);
+ ssh_gssapi_storecreds();
+ restore_uid();
+ }
+#endif
/*
* In privilege separation, we fork another child and prepare
@@ -2466,6 +2526,48 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();