* Create transitional ssh-krb5 package which enables GSSAPI configuration

in sshd_config. * Default client to attempting GSSAPI authentication. * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's found.
author: Colin Watson <cjwatson@debian.org> 2006-12-06 04:46:43 +0000
committer: Colin Watson <cjwatson@debian.org> 2006-12-06 04:46:43 +0000
commit: 879756082fbdacc158ba04e8f770a1229c3daef4 (patch)
tree: ee240cb73f5e1d9d6c698242c95dc221ef5127c8 /debian
parent: ce57532d1450edba31c7a98937966a857cc2c397 (diff)
8 files changed, 140 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog
index b01b5cab7..aa1403e67 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,16 @@
 openssh (1:4.3p2-7) UNRELEASED; urgency=low
+  [ Colin Watson ]
  * Ignore errors from usermod when changing sshd's shell, since it will
    fail if the sshd user is not local (closes: #398436).
+  [ Russ Allbery ]
+  * Create transitional ssh-krb5 package which enables GSSAPI configuration
+    in sshd_config.
+  * Default client to attempting GSSAPI authentication.
+  * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's
+    found.
 -- Colin Watson <cjwatson@debian.org>  Mon, 20 Nov 2006 14:57:16 +0000
 openssh (1:4.3p2-6) unstable; urgency=low
diff --git a/debian/control b/debian/control
index adfeca226..0f77b73db 100644
--- a/debian/control
+++ b/debian/control
@@ -9,8 +9,8 @@ Uploaders: Colin Watson <cjwatson@debian.org>
 Package: openssh-client
 Architecture: any
 Depends: ${shlibs:Depends}, ${debconf-depends}, adduser (>= 3.10), dpkg (>= 1.7.0), passwd
-Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5
+Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
-Replaces: ssh (<< 1:3.8.1p1-9), ssh-krb5
+Replaces: ssh (<< 1:3.8.1p1-9), ssh-krb5 (<< 1:4.3p2-7)
 Suggests: ssh-askpass, xbase-clients
 Provides: rsh-client, ssh-client
 Description: Secure shell client, an rlogin/rsh/rcp replacement
@@ -39,8 +39,8 @@ Package: openssh-server
 Priority: optional
 Architecture: any
 Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${Source-Version})
-Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5
+Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
-Replaces: ssh (<< 1:3.8.1p1-9), openssh-client (<< 1:3.8.1p1-11), ssh-krb5
+Replaces: ssh (<< 1:3.8.1p1-9), openssh-client (<< 1:3.8.1p1-11), ssh-krb5 (<< 1:4.3p2-7)
 Suggests: ssh-askpass, xbase-clients, rssh, molly-guard
 Provides: ssh-server
 Description: Secure shell server, an rshd replacement
@@ -72,6 +72,16 @@ Description: Secure shell client and server (transitional package)
 the OpenSSH server, which are now in separate packages. You may remove
 it once the upgrade is complete and nothing depends on it.
+Package: ssh-krb5
+Priority: extra
+Architecture: all
+Depends: openssh-client, openssh-server
+Description: Secure shell client and server (transitional package)
+ This is a transitional package depending on the regular Debian OpenSSH
+ client and server, which now support GSSAPI natively.  It will add the
+ necessary GSSAPI options to the server configuration file.  You can
+ remove it once the upgrade is complete and nothing depends on it.
 Package: ssh-askpass-gnome
 Section: gnome
 Priority: optional
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index bd14ba66e..2d7dbc9ea 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -72,6 +72,17 @@ set_config_option() {
 }
+remove_obsolete_gssapi() {
+        grep -qi '^[    ]*GSSAPINoMICAuthentication' /etc/ssh/sshd_config \
+                || return 0
+        perl -pe 's/^(\s*GSSAPINoMICAuthentication)/\#$1/i' \
+                < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
+        chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
+        chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
+        mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+}
 host_keys_required() {
        hostkeys="$(get_config_option HostKey)"
        if [ "$hostkeys" ]; then
@@ -190,6 +201,9 @@ create_sshdconfig() {
                    move_subsystem_sftp
                fi
+                # Remove obsolete GSSAPI options.
+                remove_obsolete_gssapi
                return 0
            fi
        fi
diff --git a/debian/rules b/debian/rules
index 1ce189b6a..4404c28dd 100755
--- a/debian/rules
+++ b/debian/rules
@@ -166,7 +166,7 @@ install: build
        install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen
 # Build architecture-independent files here.
-binary-indep: binary-ssh
+binary-indep: binary-ssh binary-ssh-krb5
 # Build architecture-dependent files here.
 binary-arch: binary-openssh-client binary-openssh-server
@@ -244,6 +244,21 @@ binary-ssh: build install
        dh_md5sums
        dh_builddeb
+binary-ssh-krb5: DH_OPTIONS=-pssh-krb5
+binary-ssh-krb5: build install
+        dh_testdir
+        dh_testroot
+        dh_installdocs
+        mv debian/ssh-krb5/usr/share/doc/ssh-krb5 debian/ssh-krb5/usr/share/doc/openssh-client
+        rm -f debian/ssh-krb5/usr/share/doc/openssh-client/copyright
+        dh_link
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
 binary-ssh-askpass-gnome: DH_OPTIONS=-pssh-askpass-gnome
 binary-ssh-askpass-gnome: build install
        dh_testdir
@@ -292,5 +307,5 @@ binary: binary-indep binary-arch
 .PHONY: build clean binary-indep binary-arch binary install
 .PHONY: build-deb build-udeb
 .PHONY: binary-openssh-client binary-openssh-server binary-ssh
-.PHONY: binary-ssh-askpass-gnome
+.PHONY: binary-ssh-krb5 binary-ssh-askpass-gnome
 .PHONY: binary-openssh-client-udeb binary-openssh-server-udeb
diff --git a/debian/ssh-krb5.NEWS b/debian/ssh-krb5.NEWS
new file mode 100644
index 000000000..833c36328
--- /dev/null
+++ b/debian/ssh-krb5.NEWS
@@ -0,0 +1,18 @@
+ssh-krb5 (1:4.3p2-7) unstable; urgency=low
+  The normal openssh-server and openssh-client packages in Debian now
+  include full GSSAPI support, including key exchange.  This package is
+  now only a transitional package that depends on openssh-server and
+  openssh-client and configures openssh-server for GSSAPI configuration
+  if it wasn't already.
+  You can now simply install openssh-server and openssh-client directly
+  and remove this package.  Just make sure that /etc/ssh/sshd_config
+  contains:
+    GSSAPIAuthentication yes
+    GSSAPIKeyExchange yes
+  if you want to support GSSAPI authentication to your ssh server.
+ -- Russ Allbery <rra@debian.org>  Tue, 03 Oct 2006 22:27:27 -0700
diff --git a/debian/ssh-krb5.links b/debian/ssh-krb5.links
new file mode 100644
index 000000000..3334b9988
--- /dev/null
+++ b/debian/ssh-krb5.links
@@ -0,0 +1 @@
+usr/share/doc/openssh-client usr/share/doc/ssh-krb5
diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst
new file mode 100644
index 000000000..989a66801
--- /dev/null
+++ b/debian/ssh-krb5.postinst
@@ -0,0 +1,54 @@
+#!/bin/sh
+set -e
+action="$1"
+oldversion="$2"
+if [ "$action" = configure ] ; then
+    if dpkg --compare-versions "$oldversion" lt-nl 1:4.3p2-7; then
+        if [ ! -L /usr/share/doc/ssh-krb5 ]; then
+            rm -rf /usr/share/doc/ssh-krb5
+            ln -s openssh-client /usr/share/doc/ssh-krb5
+        fi
+        # Replaced by /etc/init.d/ssh.
+        if [ -f /etc/init.d/ssh-krb5 ]; then
+            mv /etc/init.d/ssh-krb5 /etc/init.d/ssh-krb5.dpkg-old
+            update-rc.d ssh-krb5 remove || true
+        fi
+    fi
+    if dpkg --compare-versions "$oldversion" ge 1:4.3p2-7 || \
+       grep -qi '^[     ]*GSSAPI' /etc/ssh/sshd_config ; then
+        :
+    else
+        if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
+            perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b/$1/i' \
+                < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
+            chown --reference /etc/ssh/sshd_config \
+                /etc/ssh/sshd_config.dpkg-new
+            chmod --reference /etc/ssh/sshd_config \
+                /etc/ssh/sshd_config.dpkg-new
+            mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+        else
+            cat >> /etc/ssh/sshd_config <<EOF
+# GSSAPI authentication
+GSSAPIAuthentication yes
+GSSAPIKeyExchange yes
+EOF
+        fi
+        if [ -x /etc/init.d/ssh ] ; then
+            if [ -x /usr/sbin/invoke-rc.d ] ; then
+                invoke-rc.d ssh restart
+            else
+                /etc/init.d/ssh restart
+            fi
+        fi
+    fi
+fi
+#DEBHELPER#
+exit 0
diff --git a/debian/ssh-krb5.prerm b/debian/ssh-krb5.prerm
new file mode 100644
index 000000000..d3434e783
--- /dev/null
+++ b/debian/ssh-krb5.prerm
@@ -0,0 +1,14 @@
+#!/bin/sh -e
+case $1 in
+        upgrade)
+                if [ -L /usr/share/doc/ssh-krb5 ] && \
+                   dpkg --compare-versions "$2" lt-nl 1:4.3p2-7; then
+                        rm -f /usr/share/doc/ssh-krb5
+                fi
+                ;;
+esac
+#DEBHELPER#
+exit 0
author	Colin Watson <cjwatson@debian.org>	2006-12-06 04:46:43 +0000
committer	Colin Watson <cjwatson@debian.org>	2006-12-06 04:46:43 +0000
commit	879756082fbdacc158ba04e8f770a1229c3daef4 (patch)
tree	ee240cb73f5e1d9d6c698242c95dc221ef5127c8 /debian
parent	ce57532d1450edba31c7a98937966a857cc2c397 (diff)

diff --git a/debian/changelog b/debian/changelog index b01b5cab7..aa1403e67 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,8 +1,16 @@
1	openssh (1:4.3p2-7) UNRELEASED; urgency=low	1	openssh (1:4.3p2-7) UNRELEASED; urgency=low
2		2
		3	[ Colin Watson ]
3	* Ignore errors from usermod when changing sshd's shell, since it will	4	* Ignore errors from usermod when changing sshd's shell, since it will
4	fail if the sshd user is not local (closes: #398436).	5	fail if the sshd user is not local (closes: #398436).
5		6
		7	[ Russ Allbery ]
		8	* Create transitional ssh-krb5 package which enables GSSAPI configuration
		9	in sshd_config.
		10	* Default client to attempting GSSAPI authentication.
		11	* Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's
		12	found.
		13
6	-- Colin Watson <cjwatson@debian.org> Mon, 20 Nov 2006 14:57:16 +0000	14	-- Colin Watson <cjwatson@debian.org> Mon, 20 Nov 2006 14:57:16 +0000
7		15
8	openssh (1:4.3p2-6) unstable; urgency=low	16	openssh (1:4.3p2-6) unstable; urgency=low


diff --git a/debian/control b/debian/control index adfeca226..0f77b73db 100644 --- a/debian/control +++ b/debian/control
@@ -9,8 +9,8 @@ Uploaders: Colin Watson <cjwatson@debian.org>
9	Package: openssh-client	9	Package: openssh-client
10	Architecture: any	10	Architecture: any
11	Depends: ${shlibs:Depends}, ${debconf-depends}, adduser (>= 3.10), dpkg (>= 1.7.0), passwd	11	Depends: ${shlibs:Depends}, ${debconf-depends}, adduser (>= 3.10), dpkg (>= 1.7.0), passwd
12	Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5	12	Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
13	Replaces: ssh (<< 1:3.8.1p1-9), ssh-krb5	13	Replaces: ssh (<< 1:3.8.1p1-9), ssh-krb5 (<< 1:4.3p2-7)
14	Suggests: ssh-askpass, xbase-clients	14	Suggests: ssh-askpass, xbase-clients
15	Provides: rsh-client, ssh-client	15	Provides: rsh-client, ssh-client
16	Description: Secure shell client, an rlogin/rsh/rcp replacement	16	Description: Secure shell client, an rlogin/rsh/rcp replacement
@@ -39,8 +39,8 @@ Package: openssh-server
39	Priority: optional	39	Priority: optional
40	Architecture: any	40	Architecture: any
41	Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${Source-Version})	41	Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${Source-Version})
42	Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5	42	Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
43	Replaces: ssh (<< 1:3.8.1p1-9), openssh-client (<< 1:3.8.1p1-11), ssh-krb5	43	Replaces: ssh (<< 1:3.8.1p1-9), openssh-client (<< 1:3.8.1p1-11), ssh-krb5 (<< 1:4.3p2-7)
44	Suggests: ssh-askpass, xbase-clients, rssh, molly-guard	44	Suggests: ssh-askpass, xbase-clients, rssh, molly-guard
45	Provides: ssh-server	45	Provides: ssh-server
46	Description: Secure shell server, an rshd replacement	46	Description: Secure shell server, an rshd replacement
@@ -72,6 +72,16 @@ Description: Secure shell client and server (transitional package)
72	the OpenSSH server, which are now in separate packages. You may remove	72	the OpenSSH server, which are now in separate packages. You may remove
73	it once the upgrade is complete and nothing depends on it.	73	it once the upgrade is complete and nothing depends on it.
74		74
		75	Package: ssh-krb5
		76	Priority: extra
		77	Architecture: all
		78	Depends: openssh-client, openssh-server
		79	Description: Secure shell client and server (transitional package)
		80	This is a transitional package depending on the regular Debian OpenSSH
		81	client and server, which now support GSSAPI natively. It will add the
		82	necessary GSSAPI options to the server configuration file. You can
		83	remove it once the upgrade is complete and nothing depends on it.
		84
75	Package: ssh-askpass-gnome	85	Package: ssh-askpass-gnome
76	Section: gnome	86	Section: gnome
77	Priority: optional	87	Priority: optional


diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index bd14ba66e..2d7dbc9ea 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst
@@ -72,6 +72,17 @@ set_config_option() {
72	}	72	}
73		73
74		74
		75	remove_obsolete_gssapi() {
		76	grep -qi '^[ ]*GSSAPINoMICAuthentication' /etc/ssh/sshd_config \
		77	\|\| return 0
		78	perl -pe 's/^(\s*GSSAPINoMICAuthentication)/\#$1/i' \
		79	< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
		80	chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
		81	chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
		82	mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
		83	}
		84
		85
75	host_keys_required() {	86	host_keys_required() {
76	hostkeys="$(get_config_option HostKey)"	87	hostkeys="$(get_config_option HostKey)"
77	if [ "$hostkeys" ]; then	88	if [ "$hostkeys" ]; then
@@ -190,6 +201,9 @@ create_sshdconfig() {
190	move_subsystem_sftp	201	move_subsystem_sftp
191	fi	202	fi
192		203
		204	# Remove obsolete GSSAPI options.
		205	remove_obsolete_gssapi
		206
193	return 0	207	return 0
194	fi	208	fi
195	fi	209	fi


diff --git a/debian/rules b/debian/rules index 1ce189b6a..4404c28dd 100755 --- a/debian/rules +++ b/debian/rules
@@ -166,7 +166,7 @@ install: build
166	install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen	166	install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen
167		167
168	# Build architecture-independent files here.	168	# Build architecture-independent files here.
169	binary-indep: binary-ssh	169	binary-indep: binary-ssh binary-ssh-krb5
170		170
171	# Build architecture-dependent files here.	171	# Build architecture-dependent files here.
172	binary-arch: binary-openssh-client binary-openssh-server	172	binary-arch: binary-openssh-client binary-openssh-server
@@ -244,6 +244,21 @@ binary-ssh: build install
244	dh_md5sums	244	dh_md5sums
245	dh_builddeb	245	dh_builddeb
246		246
		247	binary-ssh-krb5: DH_OPTIONS=-pssh-krb5
		248	binary-ssh-krb5: build install
		249	dh_testdir
		250	dh_testroot
		251	dh_installdocs
		252	mv debian/ssh-krb5/usr/share/doc/ssh-krb5 debian/ssh-krb5/usr/share/doc/openssh-client
		253	rm -f debian/ssh-krb5/usr/share/doc/openssh-client/copyright
		254	dh_link
		255	dh_compress
		256	dh_fixperms
		257	dh_installdeb
		258	dh_gencontrol
		259	dh_md5sums
		260	dh_builddeb
		261
247	binary-ssh-askpass-gnome: DH_OPTIONS=-pssh-askpass-gnome	262	binary-ssh-askpass-gnome: DH_OPTIONS=-pssh-askpass-gnome
248	binary-ssh-askpass-gnome: build install	263	binary-ssh-askpass-gnome: build install
249	dh_testdir	264	dh_testdir
@@ -292,5 +307,5 @@ binary: binary-indep binary-arch
292	.PHONY: build clean binary-indep binary-arch binary install	307	.PHONY: build clean binary-indep binary-arch binary install
293	.PHONY: build-deb build-udeb	308	.PHONY: build-deb build-udeb
294	.PHONY: binary-openssh-client binary-openssh-server binary-ssh	309	.PHONY: binary-openssh-client binary-openssh-server binary-ssh
295	.PHONY: binary-ssh-askpass-gnome	310	.PHONY: binary-ssh-krb5 binary-ssh-askpass-gnome
296	.PHONY: binary-openssh-client-udeb binary-openssh-server-udeb	311	.PHONY: binary-openssh-client-udeb binary-openssh-server-udeb


diff --git a/debian/ssh-krb5.NEWS b/debian/ssh-krb5.NEWS new file mode 100644 index 000000000..833c36328 --- /dev/null +++ b/debian/ssh-krb5.NEWS
@@ -0,0 +1,18 @@
		1	ssh-krb5 (1:4.3p2-7) unstable; urgency=low
		2
		3	The normal openssh-server and openssh-client packages in Debian now
		4	include full GSSAPI support, including key exchange. This package is
		5	now only a transitional package that depends on openssh-server and
		6	openssh-client and configures openssh-server for GSSAPI configuration
		7	if it wasn't already.
		8
		9	You can now simply install openssh-server and openssh-client directly
		10	and remove this package. Just make sure that /etc/ssh/sshd_config
		11	contains:
		12
		13	GSSAPIAuthentication yes
		14	GSSAPIKeyExchange yes
		15
		16	if you want to support GSSAPI authentication to your ssh server.
		17
		18	-- Russ Allbery <rra@debian.org> Tue, 03 Oct 2006 22:27:27 -0700


diff --git a/debian/ssh-krb5.links b/debian/ssh-krb5.links new file mode 100644 index 000000000..3334b9988 --- /dev/null +++ b/debian/ssh-krb5.links
@@ -0,0 +1 @@
			usr/share/doc/openssh-client usr/share/doc/ssh-krb5


diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst new file mode 100644 index 000000000..989a66801 --- /dev/null +++ b/debian/ssh-krb5.postinst
@@ -0,0 +1,54 @@
		1	#!/bin/sh
		2
		3	set -e
		4
		5	action="$1"
		6	oldversion="$2"
		7
		8	if [ "$action" = configure ] ; then
		9	if dpkg --compare-versions "$oldversion" lt-nl 1:4.3p2-7; then
		10	if [ ! -L /usr/share/doc/ssh-krb5 ]; then
		11	rm -rf /usr/share/doc/ssh-krb5
		12	ln -s openssh-client /usr/share/doc/ssh-krb5
		13	fi
		14
		15	# Replaced by /etc/init.d/ssh.
		16	if [ -f /etc/init.d/ssh-krb5 ]; then
		17	mv /etc/init.d/ssh-krb5 /etc/init.d/ssh-krb5.dpkg-old
		18	update-rc.d ssh-krb5 remove \|\| true
		19	fi
		20	fi
		21
		22	if dpkg --compare-versions "$oldversion" ge 1:4.3p2-7 \|\| \
		23	grep -qi '^[ ]*GSSAPI' /etc/ssh/sshd_config ; then
		24	:
		25	else
		26	if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
		27	perl -pe 's/^\#(GSSAPI(Authentication\|KeyExchange))\b/$1/i' \
		28	< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
		29	chown --reference /etc/ssh/sshd_config \
		30	/etc/ssh/sshd_config.dpkg-new
		31	chmod --reference /etc/ssh/sshd_config \
		32	/etc/ssh/sshd_config.dpkg-new
		33	mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
		34	else
		35	cat >> /etc/ssh/sshd_config <<EOF
		36
		37	# GSSAPI authentication
		38	GSSAPIAuthentication yes
		39	GSSAPIKeyExchange yes
		40	EOF
		41	fi
		42	if [ -x /etc/init.d/ssh ] ; then
		43	if [ -x /usr/sbin/invoke-rc.d ] ; then
		44	invoke-rc.d ssh restart
		45	else
		46	/etc/init.d/ssh restart
		47	fi
		48	fi
		49	fi
		50	fi
		51
		52	#DEBHELPER#
		53
		54	exit 0


diff --git a/debian/ssh-krb5.prerm b/debian/ssh-krb5.prerm new file mode 100644 index 000000000..d3434e783 --- /dev/null +++ b/debian/ssh-krb5.prerm
@@ -0,0 +1,14 @@
		1	#!/bin/sh -e
		2
		3	case $1 in
		4	upgrade)
		5	if [ -L /usr/share/doc/ssh-krb5 ] && \
		6	dpkg --compare-versions "$2" lt-nl 1:4.3p2-7; then
		7	rm -f /usr/share/doc/ssh-krb5
		8	fi
		9	;;
		10	esac
		11
		12	#DEBHELPER#
		13
		14	exit 0