* Fix sshd/inittab advice in README.Debian to account for rc.d movement

  (closes: #450632).

3 files changed, 34 insertions, 1 deletions

diff --git a/debian/README.Debian b/debian/README.Debian
index 6b7ce8691..fd65df66e 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -250,7 +250,7 @@ stop'), add the following line to /etc/inittab, and run 'telinit q':
   ss:2345:respawn:/usr/sbin/sshd -D
 
 If you do this, note that you will need to stop sshd being started in the
-normal way ('rm -f /etc/rc[2345].d/S20ssh') and that you will need to
+normal way ('rm -f /etc/rc[2345].d/S16ssh') and that you will need to
 restart this sshd manually on upgrades.
 
 --
diff --git a/debian/changelog b/debian/changelog
index 2f9239b30..44996ca79 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ openssh (1:4.6p1-6) UNRELEASED; urgency=low
     Pospisek; closes: #441817).
   * Discard error output from dpkg-query in preinsts, in case the ssh
     metapackage is not installed.
+  * Fix sshd/inittab advice in README.Debian to account for rc.d movement
+    (closes: #450632).
   * debconf template translations:
     - Add Slovak (thanks, Ivan Masár; closes: #441690).
     - Update Brazilian Portuguese (thanks, Eder L. Marques;
diff --git a/gss-genr.c b/gss-genr.c
index 42f942b58..6eb8e4754 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -44,6 +44,11 @@
 #include "kex.h"
 #include <openssl/evp.h>
 
+#ifdef KRB5
+# include <krb5.h>
+# include <profile.h>
+#endif /* KRB5 */
+
 #include "ssh-gss.h"
 
 extern u_char *session_id2;
@@ -290,6 +295,32 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
 void
 ssh_gssapi_build_ctx(Gssctxt **ctx)
 {
+#ifdef KRB5
+        static int gss_configured = 0;
+
+        if (!gss_configured) {
+                /* Tell the GSSAPI library not to canonicalise names. */
+                krb5_context krb5_ctx;
+                profile_t profile;
+                krb5_error_code problem;
+
+                problem = krb5_init_context(&krb5_ctx);
+                if (!problem) {
+                        problem = krb5_get_profile(krb5_ctx, &profile);
+                        if (!problem) {
+                                const char *names[3];
+                                names[0] = "libdefaults";
+                                names[1] = "rdns";
+                                names[2] = 0;
+                                profile_clear_relation(profile, names);
+                                profile_add_relation(profile, names, "n");
+                        }
+                }
+
+                gss_configured = 1;
+        }
+#endif /* KRB5 */
+
         *ctx = xcalloc(1, sizeof (Gssctxt));
         (*ctx)->context = GSS_C_NO_CONTEXT;
         (*ctx)->name = GSS_C_NO_NAME;