6 files changed, 22 insertions, 90 deletions
diff --git a/ChangeLog b/ChangeLog
index a6e2446e5..97acfef06 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,10 @@
   - markus@cvs.openbsd.org 2003/05/15 00:28:28
     [sshconnect2.c]
     cleanup unregister of per-method packet handlers; ok djm@
+   - jakob@cvs.openbsd.org 2003/05/15 01:48:10
+     [readconf.c readconf.h servconf.c servconf.h]
+     always parse kerberos options. ok djm@ markus@
+ - (djm) Always parse UsePAM
 - (djm) Configure glue for DNS support (code doesn't work in portable yet)
 20030514
@@ -1492,4 +1496,4 @@
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@
-$Id: ChangeLog,v 1.2705 2003/05/15 02:01:28 djm Exp $
+$Id: ChangeLog,v 1.2706 2003/05/15 02:05:28 djm Exp $
diff --git a/readconf.c b/readconf.c
index c9c463b29..4c5d44859 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.107 2003/05/14 18:16:20 jakob Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.108 2003/05/15 01:48:10 jakob Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -94,15 +94,7 @@ typedef enum {
        oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
        oPasswordAuthentication, oRSAAuthentication,
        oChallengeResponseAuthentication, oXAuthLocation,
-#if defined(KRB4) || defined(KRB5)
+        oKerberosAuthentication, oKerberosTgtPassing, oAFSTokenPassing,
-        oKerberosAuthentication,
-#endif
-#if defined(AFS) || defined(KRB5)
-        oKerberosTgtPassing,
-#endif
-#ifdef AFS
-        oAFSTokenPassing,
-#endif
        oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
        oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
        oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@@ -141,15 +133,9 @@ static struct {
        { "challengeresponseauthentication", oChallengeResponseAuthentication },
        { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
        { "tisauthentication", oChallengeResponseAuthentication },  /* alias */
-#if defined(KRB4) || defined(KRB5)
        { "kerberosauthentication", oKerberosAuthentication },
-#endif
-#if defined(AFS) || defined(KRB5)
        { "kerberostgtpassing", oKerberosTgtPassing },
-#endif
-#ifdef AFS
        { "afstokenpassing", oAFSTokenPassing },
-#endif
        { "fallbacktorsh", oDeprecated },
        { "usersh", oDeprecated },
        { "identityfile", oIdentityFile },
@@ -370,21 +356,19 @@ parse_flag:
        case oChallengeResponseAuthentication:
                intptr = &options->challenge_response_authentication;
                goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
        case oKerberosAuthentication:
                intptr = &options->kerberos_authentication;
                goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
        case oKerberosTgtPassing:
                intptr = &options->kerberos_tgt_passing;
                goto parse_flag;
-#endif
-#ifdef AFS
        case oAFSTokenPassing:
                intptr = &options->afs_token_passing;
                goto parse_flag;
-#endif
        case oBatchMode:
                intptr = &options->batch_mode;
                goto parse_flag;
@@ -786,15 +770,9 @@ initialize_options(Options * options)
        options->rsa_authentication = -1;
        options->pubkey_authentication = -1;
        options->challenge_response_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
        options->kerberos_authentication = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
        options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
        options->afs_token_passing = -1;
-#endif
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->kbd_interactive_devices = NULL;
@@ -865,18 +843,12 @@ fill_default_options(Options * options)
                options->pubkey_authentication = 1;
        if (options->challenge_response_authentication == -1)
                options->challenge_response_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
        if (options->kerberos_authentication == -1)
                options->kerberos_authentication = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
        if (options->kerberos_tgt_passing == -1)
                options->kerberos_tgt_passing = 1;
-#endif
-#ifdef AFS
        if (options->afs_token_passing == -1)
                options->afs_token_passing = 1;
-#endif
        if (options->password_authentication == -1)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
diff --git a/readconf.h b/readconf.h
index d141b8c00..991e20091 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: readconf.h,v 1.48 2003/05/14 18:16:20 jakob Exp $     */
+/*      $OpenBSD: readconf.h,v 1.49 2003/05/15 01:48:10 jakob Exp $     */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -41,15 +41,9 @@ typedef struct {
        int     hostbased_authentication;       /* ssh2's rhosts_rsa */
        int     challenge_response_authentication;
                                        /* Try S/Key or TIS, authentication. */
-#if defined(KRB4) || defined(KRB5)
        int     kerberos_authentication;        /* Try Kerberos authentication. */
-#endif
-#if defined(AFS) || defined(KRB5)
        int     kerberos_tgt_passing;   /* Try Kerberos TGT passing. */
-#endif
-#ifdef AFS
        int     afs_token_passing;      /* Try AFS token passing. */
-#endif
        int     password_authentication;        /* Try password
                                                 * authentication. */
        int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
diff --git a/servconf.c b/servconf.c
index fbdc4d8fa..5076c5df6 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.118 2003/04/09 08:23:52 hin Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.119 2003/05/15 01:48:10 jakob Exp $");
 #if defined(KRB4)
 #include <krb.h>
@@ -59,10 +59,8 @@ initialize_server_options(ServerOptions *options)
 {
        memset(options, 0, sizeof(*options));
-#ifdef USE_PAM
        /* Portable-specific options */
        options->use_pam = -1;
-#endif
        /* Standard Options */
        options->num_ports = 0;
@@ -92,17 +90,11 @@ initialize_server_options(ServerOptions *options)
        options->hostbased_uses_name_from_packet_only = -1;
        options->rsa_authentication = -1;
        options->pubkey_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
        options->kerberos_authentication = -1;
        options->kerberos_or_local_passwd = -1;
        options->kerberos_ticket_cleanup = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
        options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
        options->afs_token_passing = -1;
-#endif
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->challenge_response_authentication = -1;
@@ -138,10 +130,8 @@ void
 fill_default_server_options(ServerOptions *options)
 {
        /* Portable-specific options */
-#ifdef USE_PAM
        if (options->use_pam == -1)
-                options->use_pam = 1;
+                options->use_pam = 0;
-#endif
        /* Standard Options */
        if (options->protocol == SSH_PROTO_UNKNOWN)
@@ -208,22 +198,16 @@ fill_default_server_options(ServerOptions *options)
                options->rsa_authentication = 1;
        if (options->pubkey_authentication == -1)
                options->pubkey_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
        if (options->kerberos_authentication == -1)
                options->kerberos_authentication = 0;
        if (options->kerberos_or_local_passwd == -1)
                options->kerberos_or_local_passwd = 1;
        if (options->kerberos_ticket_cleanup == -1)
                options->kerberos_ticket_cleanup = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
        if (options->kerberos_tgt_passing == -1)
                options->kerberos_tgt_passing = 0;
-#endif
-#ifdef AFS
        if (options->afs_token_passing == -1)
                options->afs_token_passing = 0;
-#endif
        if (options->password_authentication == -1)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
@@ -288,16 +272,8 @@ typedef enum {
        sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
        sPermitRootLogin, sLogFacility, sLogLevel,
        sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
-#if defined(KRB4) || defined(KRB5)
        sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
-#endif
+        sKerberosTgtPassing, sAFSTokenPassing, sChallengeResponseAuthentication,
-#if defined(AFS) || defined(KRB5)
-        sKerberosTgtPassing,
-#endif
-#ifdef AFS
-        sAFSTokenPassing,
-#endif
-        sChallengeResponseAuthentication,
        sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
        sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
@@ -338,17 +314,11 @@ static struct {
        { "rsaauthentication", sRSAAuthentication },
        { "pubkeyauthentication", sPubkeyAuthentication },
        { "dsaauthentication", sPubkeyAuthentication },                 /* alias */
-#if defined(KRB4) || defined(KRB5)
        { "kerberosauthentication", sKerberosAuthentication },
        { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
        { "kerberosticketcleanup", sKerberosTicketCleanup },
-#endif
-#if defined(AFS) || defined(KRB5)
        { "kerberostgtpassing", sKerberosTgtPassing },
-#endif
-#ifdef AFS
        { "afstokenpassing", sAFSTokenPassing },
-#endif
        { "passwordauthentication", sPasswordAuthentication },
        { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
        { "challengeresponseauthentication", sChallengeResponseAuthentication },
@@ -653,7 +623,7 @@ parse_flag:
        case sPubkeyAuthentication:
                intptr = &options->pubkey_authentication;
                goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
        case sKerberosAuthentication:
                intptr = &options->kerberos_authentication;
                goto parse_flag;
@@ -665,17 +635,14 @@ parse_flag:
        case sKerberosTicketCleanup:
                intptr = &options->kerberos_ticket_cleanup;
                goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
        case sKerberosTgtPassing:
                intptr = &options->kerberos_tgt_passing;
                goto parse_flag;
-#endif
-#ifdef AFS
        case sAFSTokenPassing:
                intptr = &options->afs_token_passing;
                goto parse_flag;
-#endif
        case sPasswordAuthentication:
                intptr = &options->password_authentication;
diff --git a/servconf.h b/servconf.h
index afa80675e..4ad1ee7be 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $    */
+/*      $OpenBSD: servconf.h,v 1.60 2003/05/15 01:48:10 jakob Exp $     */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -73,7 +73,6 @@ typedef struct {
        int     hostbased_uses_name_from_packet_only; /* experimental */
        int     rsa_authentication;     /* If true, permit RSA authentication. */
        int     pubkey_authentication;  /* If true, permit ssh2 pubkey authentication. */
-#if defined(KRB4) || defined(KRB5)
        int     kerberos_authentication;        /* If true, permit Kerberos
                                                 * authentication. */
        int     kerberos_or_local_passwd;       /* If true, permit kerberos
@@ -83,14 +82,9 @@ typedef struct {
                                                 * /etc/passwd */
        int     kerberos_ticket_cleanup;        /* If true, destroy ticket
                                                 * file on logout. */
-#endif
-#if defined(AFS) || defined(KRB5)
        int     kerberos_tgt_passing;   /* If true, permit Kerberos TGT
                                         * passing. */
-#endif
-#ifdef AFS
        int     afs_token_passing;      /* If true, permit AFS token passing. */
-#endif
        int     password_authentication;        /* If true, permit password
                                                 * authentication. */
        int     kbd_interactive_authentication; /* If true, permit */
diff --git a/sshd_config b/sshd_config
index 36429c9d0..57a1f2bec 100644
--- a/sshd_config
+++ b/sshd_config
@@ -69,9 +69,10 @@
 # Kerberos TGT Passing only works with the AFS kaserver
 #KerberosTgtPassing no
-# Set this to 'yes' to enable PAM keyboard-interactive authentication 
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing
 # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt no
+#UsePAM no
 #X11Forwarding no
 #X11DisplayOffset 10

diff --git a/ChangeLog b/ChangeLog index a6e2446e5..97acfef06 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -16,6 +16,10 @@
16	- markus@cvs.openbsd.org 2003/05/15 00:28:28	16	- markus@cvs.openbsd.org 2003/05/15 00:28:28
17	[sshconnect2.c]	17	[sshconnect2.c]
18	cleanup unregister of per-method packet handlers; ok djm@	18	cleanup unregister of per-method packet handlers; ok djm@
		19	- jakob@cvs.openbsd.org 2003/05/15 01:48:10
		20	[readconf.c readconf.h servconf.c servconf.h]
		21	always parse kerberos options. ok djm@ markus@
		22	- (djm) Always parse UsePAM
19	- (djm) Configure glue for DNS support (code doesn't work in portable yet)	23	- (djm) Configure glue for DNS support (code doesn't work in portable yet)
20		24
21	20030514	25	20030514
@@ -1492,4 +1496,4 @@
1492	save auth method before monitor_reset_key_state(); bugzilla bug #284;	1496	save auth method before monitor_reset_key_state(); bugzilla bug #284;
1493	ok provos@	1497	ok provos@
1494		1498
1495	$Id: ChangeLog,v 1.2705 2003/05/15 02:01:28 djm Exp $	1499	$Id: ChangeLog,v 1.2706 2003/05/15 02:05:28 djm Exp $


diff --git a/readconf.c b/readconf.c index c9c463b29..4c5d44859 100644 --- a/readconf.c +++ b/readconf.c
@@ -12,7 +12,7 @@
12	*/	12	*/
13		13
14	#include "includes.h"	14	#include "includes.h"
15	RCSID("$OpenBSD: readconf.c,v 1.107 2003/05/14 18:16:20 jakob Exp $");	15	RCSID("$OpenBSD: readconf.c,v 1.108 2003/05/15 01:48:10 jakob Exp $");
16		16
17	#include "ssh.h"	17	#include "ssh.h"
18	#include "xmalloc.h"	18	#include "xmalloc.h"
@@ -94,15 +94,7 @@ typedef enum {
94	oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,	94	oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
95	oPasswordAuthentication, oRSAAuthentication,	95	oPasswordAuthentication, oRSAAuthentication,
96	oChallengeResponseAuthentication, oXAuthLocation,	96	oChallengeResponseAuthentication, oXAuthLocation,
97	#if defined(KRB4) \|\| defined(KRB5)	97	oKerberosAuthentication, oKerberosTgtPassing, oAFSTokenPassing,
98	oKerberosAuthentication,
99	#endif
100	#if defined(AFS) \|\| defined(KRB5)
101	oKerberosTgtPassing,
102	#endif
103	#ifdef AFS
104	oAFSTokenPassing,
105	#endif
106	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,	98	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
107	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,	99	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
108	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,	100	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@@ -141,15 +133,9 @@ static struct {
141	{ "challengeresponseauthentication", oChallengeResponseAuthentication },	133	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
142	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */	134	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
143	{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */	135	{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
144	#if defined(KRB4) \|\| defined(KRB5)
145	{ "kerberosauthentication", oKerberosAuthentication },	136	{ "kerberosauthentication", oKerberosAuthentication },
146	#endif
147	#if defined(AFS) \|\| defined(KRB5)
148	{ "kerberostgtpassing", oKerberosTgtPassing },	137	{ "kerberostgtpassing", oKerberosTgtPassing },
149	#endif
150	#ifdef AFS
151	{ "afstokenpassing", oAFSTokenPassing },	138	{ "afstokenpassing", oAFSTokenPassing },
152	#endif
153	{ "fallbacktorsh", oDeprecated },	139	{ "fallbacktorsh", oDeprecated },
154	{ "usersh", oDeprecated },	140	{ "usersh", oDeprecated },
155	{ "identityfile", oIdentityFile },	141	{ "identityfile", oIdentityFile },
@@ -370,21 +356,19 @@ parse_flag:
370	case oChallengeResponseAuthentication:	356	case oChallengeResponseAuthentication:
371	intptr = &options->challenge_response_authentication;	357	intptr = &options->challenge_response_authentication;
372	goto parse_flag;	358	goto parse_flag;
373	#if defined(KRB4) \|\| defined(KRB5)	359
374	case oKerberosAuthentication:	360	case oKerberosAuthentication:
375	intptr = &options->kerberos_authentication;	361	intptr = &options->kerberos_authentication;
376	goto parse_flag;	362	goto parse_flag;
377	#endif	363
378	#if defined(AFS) \|\| defined(KRB5)
379	case oKerberosTgtPassing:	364	case oKerberosTgtPassing:
380	intptr = &options->kerberos_tgt_passing;	365	intptr = &options->kerberos_tgt_passing;
381	goto parse_flag;	366	goto parse_flag;
382	#endif	367
383	#ifdef AFS
384	case oAFSTokenPassing:	368	case oAFSTokenPassing:
385	intptr = &options->afs_token_passing;	369	intptr = &options->afs_token_passing;
386	goto parse_flag;	370	goto parse_flag;
387	#endif	371
388	case oBatchMode:	372	case oBatchMode:
389	intptr = &options->batch_mode;	373	intptr = &options->batch_mode;
390	goto parse_flag;	374	goto parse_flag;
@@ -786,15 +770,9 @@ initialize_options(Options * options)
786	options->rsa_authentication = -1;	770	options->rsa_authentication = -1;
787	options->pubkey_authentication = -1;	771	options->pubkey_authentication = -1;
788	options->challenge_response_authentication = -1;	772	options->challenge_response_authentication = -1;
789	#if defined(KRB4) \|\| defined(KRB5)
790	options->kerberos_authentication = -1;	773	options->kerberos_authentication = -1;
791	#endif
792	#if defined(AFS) \|\| defined(KRB5)
793	options->kerberos_tgt_passing = -1;	774	options->kerberos_tgt_passing = -1;
794	#endif
795	#ifdef AFS
796	options->afs_token_passing = -1;	775	options->afs_token_passing = -1;
797	#endif
798	options->password_authentication = -1;	776	options->password_authentication = -1;
799	options->kbd_interactive_authentication = -1;	777	options->kbd_interactive_authentication = -1;
800	options->kbd_interactive_devices = NULL;	778	options->kbd_interactive_devices = NULL;
@@ -865,18 +843,12 @@ fill_default_options(Options * options)
865	options->pubkey_authentication = 1;	843	options->pubkey_authentication = 1;
866	if (options->challenge_response_authentication == -1)	844	if (options->challenge_response_authentication == -1)
867	options->challenge_response_authentication = 1;	845	options->challenge_response_authentication = 1;
868	#if defined(KRB4) \|\| defined(KRB5)
869	if (options->kerberos_authentication == -1)	846	if (options->kerberos_authentication == -1)
870	options->kerberos_authentication = 1;	847	options->kerberos_authentication = 1;
871	#endif
872	#if defined(AFS) \|\| defined(KRB5)
873	if (options->kerberos_tgt_passing == -1)	848	if (options->kerberos_tgt_passing == -1)
874	options->kerberos_tgt_passing = 1;	849	options->kerberos_tgt_passing = 1;
875	#endif
876	#ifdef AFS
877	if (options->afs_token_passing == -1)	850	if (options->afs_token_passing == -1)
878	options->afs_token_passing = 1;	851	options->afs_token_passing = 1;
879	#endif
880	if (options->password_authentication == -1)	852	if (options->password_authentication == -1)
881	options->password_authentication = 1;	853	options->password_authentication = 1;
882	if (options->kbd_interactive_authentication == -1)	854	if (options->kbd_interactive_authentication == -1)


diff --git a/readconf.h b/readconf.h index d141b8c00..991e20091 100644 --- a/readconf.h +++ b/readconf.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: readconf.h,v 1.48 2003/05/14 18:16:20 jakob Exp $ */	1	/* $OpenBSD: readconf.h,v 1.49 2003/05/15 01:48:10 jakob Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -41,15 +41,9 @@ typedef struct {
41	int hostbased_authentication; /* ssh2's rhosts_rsa */	41	int hostbased_authentication; /* ssh2's rhosts_rsa */
42	int challenge_response_authentication;	42	int challenge_response_authentication;
43	/* Try S/Key or TIS, authentication. */	43	/* Try S/Key or TIS, authentication. */
44	#if defined(KRB4) \|\| defined(KRB5)
45	int kerberos_authentication; /* Try Kerberos authentication. */	44	int kerberos_authentication; /* Try Kerberos authentication. */
46	#endif
47	#if defined(AFS) \|\| defined(KRB5)
48	int kerberos_tgt_passing; /* Try Kerberos TGT passing. */	45	int kerberos_tgt_passing; /* Try Kerberos TGT passing. */
49	#endif
50	#ifdef AFS
51	int afs_token_passing; /* Try AFS token passing. */	46	int afs_token_passing; /* Try AFS token passing. */
52	#endif
53	int password_authentication; /* Try password	47	int password_authentication; /* Try password
54	* authentication. */	48	* authentication. */
55	int kbd_interactive_authentication; /* Try keyboard-interactive auth. */	49	int kbd_interactive_authentication; /* Try keyboard-interactive auth. */


diff --git a/servconf.c b/servconf.c index fbdc4d8fa..5076c5df6 100644 --- a/servconf.c +++ b/servconf.c
@@ -10,7 +10,7 @@
10	*/	10	*/
11		11
12	#include "includes.h"	12	#include "includes.h"
13	RCSID("$OpenBSD: servconf.c,v 1.118 2003/04/09 08:23:52 hin Exp $");	13	RCSID("$OpenBSD: servconf.c,v 1.119 2003/05/15 01:48:10 jakob Exp $");
14		14
15	#if defined(KRB4)	15	#if defined(KRB4)
16	#include <krb.h>	16	#include <krb.h>
@@ -59,10 +59,8 @@ initialize_server_options(ServerOptions *options)
59	{	59	{
60	memset(options, 0, sizeof(*options));	60	memset(options, 0, sizeof(*options));
61		61
62	#ifdef USE_PAM
63	/* Portable-specific options */	62	/* Portable-specific options */
64	options->use_pam = -1;	63	options->use_pam = -1;
65	#endif
66		64
67	/* Standard Options */	65	/* Standard Options */
68	options->num_ports = 0;	66	options->num_ports = 0;
@@ -92,17 +90,11 @@ initialize_server_options(ServerOptions *options)
92	options->hostbased_uses_name_from_packet_only = -1;	90	options->hostbased_uses_name_from_packet_only = -1;
93	options->rsa_authentication = -1;	91	options->rsa_authentication = -1;
94	options->pubkey_authentication = -1;	92	options->pubkey_authentication = -1;
95	#if defined(KRB4) \|\| defined(KRB5)
96	options->kerberos_authentication = -1;	93	options->kerberos_authentication = -1;
97	options->kerberos_or_local_passwd = -1;	94	options->kerberos_or_local_passwd = -1;
98	options->kerberos_ticket_cleanup = -1;	95	options->kerberos_ticket_cleanup = -1;
99	#endif
100	#if defined(AFS) \|\| defined(KRB5)
101	options->kerberos_tgt_passing = -1;	96	options->kerberos_tgt_passing = -1;
102	#endif
103	#ifdef AFS
104	options->afs_token_passing = -1;	97	options->afs_token_passing = -1;
105	#endif
106	options->password_authentication = -1;	98	options->password_authentication = -1;
107	options->kbd_interactive_authentication = -1;	99	options->kbd_interactive_authentication = -1;
108	options->challenge_response_authentication = -1;	100	options->challenge_response_authentication = -1;
@@ -138,10 +130,8 @@ void
138	fill_default_server_options(ServerOptions *options)	130	fill_default_server_options(ServerOptions *options)
139	{	131	{
140	/* Portable-specific options */	132	/* Portable-specific options */
141	#ifdef USE_PAM
142	if (options->use_pam == -1)	133	if (options->use_pam == -1)
143	options->use_pam = 1;	134	options->use_pam = 0;
144	#endif
145		135
146	/* Standard Options */	136	/* Standard Options */
147	if (options->protocol == SSH_PROTO_UNKNOWN)	137	if (options->protocol == SSH_PROTO_UNKNOWN)
@@ -208,22 +198,16 @@ fill_default_server_options(ServerOptions *options)
208	options->rsa_authentication = 1;	198	options->rsa_authentication = 1;
209	if (options->pubkey_authentication == -1)	199	if (options->pubkey_authentication == -1)
210	options->pubkey_authentication = 1;	200	options->pubkey_authentication = 1;
211	#if defined(KRB4) \|\| defined(KRB5)
212	if (options->kerberos_authentication == -1)	201	if (options->kerberos_authentication == -1)
213	options->kerberos_authentication = 0;	202	options->kerberos_authentication = 0;
214	if (options->kerberos_or_local_passwd == -1)	203	if (options->kerberos_or_local_passwd == -1)
215	options->kerberos_or_local_passwd = 1;	204	options->kerberos_or_local_passwd = 1;
216	if (options->kerberos_ticket_cleanup == -1)	205	if (options->kerberos_ticket_cleanup == -1)
217	options->kerberos_ticket_cleanup = 1;	206	options->kerberos_ticket_cleanup = 1;
218	#endif
219	#if defined(AFS) \|\| defined(KRB5)
220	if (options->kerberos_tgt_passing == -1)	207	if (options->kerberos_tgt_passing == -1)
221	options->kerberos_tgt_passing = 0;	208	options->kerberos_tgt_passing = 0;
222	#endif
223	#ifdef AFS
224	if (options->afs_token_passing == -1)	209	if (options->afs_token_passing == -1)
225	options->afs_token_passing = 0;	210	options->afs_token_passing = 0;
226	#endif
227	if (options->password_authentication == -1)	211	if (options->password_authentication == -1)
228	options->password_authentication = 1;	212	options->password_authentication = 1;
229	if (options->kbd_interactive_authentication == -1)	213	if (options->kbd_interactive_authentication == -1)
@@ -288,16 +272,8 @@ typedef enum {
288	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,	272	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
289	sPermitRootLogin, sLogFacility, sLogLevel,	273	sPermitRootLogin, sLogFacility, sLogLevel,
290	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,	274	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
291	#if defined(KRB4) \|\| defined(KRB5)
292	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,	275	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
293	#endif	276	sKerberosTgtPassing, sAFSTokenPassing, sChallengeResponseAuthentication,
294	#if defined(AFS) \|\| defined(KRB5)
295	sKerberosTgtPassing,
296	#endif
297	#ifdef AFS
298	sAFSTokenPassing,
299	#endif
300	sChallengeResponseAuthentication,
301	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,	277	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
302	sPrintMotd, sPrintLastLog, sIgnoreRhosts,	278	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
303	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,	279	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
@@ -338,17 +314,11 @@ static struct {
338	{ "rsaauthentication", sRSAAuthentication },	314	{ "rsaauthentication", sRSAAuthentication },
339	{ "pubkeyauthentication", sPubkeyAuthentication },	315	{ "pubkeyauthentication", sPubkeyAuthentication },
340	{ "dsaauthentication", sPubkeyAuthentication }, /* alias */	316	{ "dsaauthentication", sPubkeyAuthentication }, /* alias */
341	#if defined(KRB4) \|\| defined(KRB5)
342	{ "kerberosauthentication", sKerberosAuthentication },	317	{ "kerberosauthentication", sKerberosAuthentication },
343	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },	318	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
344	{ "kerberosticketcleanup", sKerberosTicketCleanup },	319	{ "kerberosticketcleanup", sKerberosTicketCleanup },
345	#endif
346	#if defined(AFS) \|\| defined(KRB5)
347	{ "kerberostgtpassing", sKerberosTgtPassing },	320	{ "kerberostgtpassing", sKerberosTgtPassing },
348	#endif
349	#ifdef AFS
350	{ "afstokenpassing", sAFSTokenPassing },	321	{ "afstokenpassing", sAFSTokenPassing },
351	#endif
352	{ "passwordauthentication", sPasswordAuthentication },	322	{ "passwordauthentication", sPasswordAuthentication },
353	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },	323	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
354	{ "challengeresponseauthentication", sChallengeResponseAuthentication },	324	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
@@ -653,7 +623,7 @@ parse_flag:
653	case sPubkeyAuthentication:	623	case sPubkeyAuthentication:
654	intptr = &options->pubkey_authentication;	624	intptr = &options->pubkey_authentication;
655	goto parse_flag;	625	goto parse_flag;
656	#if defined(KRB4) \|\| defined(KRB5)	626
657	case sKerberosAuthentication:	627	case sKerberosAuthentication:
658	intptr = &options->kerberos_authentication;	628	intptr = &options->kerberos_authentication;
659	goto parse_flag;	629	goto parse_flag;
@@ -665,17 +635,14 @@ parse_flag:
665	case sKerberosTicketCleanup:	635	case sKerberosTicketCleanup:
666	intptr = &options->kerberos_ticket_cleanup;	636	intptr = &options->kerberos_ticket_cleanup;
667	goto parse_flag;	637	goto parse_flag;
668	#endif	638
669	#if defined(AFS) \|\| defined(KRB5)
670	case sKerberosTgtPassing:	639	case sKerberosTgtPassing:
671	intptr = &options->kerberos_tgt_passing;	640	intptr = &options->kerberos_tgt_passing;
672	goto parse_flag;	641	goto parse_flag;
673	#endif	642
674	#ifdef AFS
675	case sAFSTokenPassing:	643	case sAFSTokenPassing:
676	intptr = &options->afs_token_passing;	644	intptr = &options->afs_token_passing;
677	goto parse_flag;	645	goto parse_flag;
678	#endif
679		646
680	case sPasswordAuthentication:	647	case sPasswordAuthentication:
681	intptr = &options->password_authentication;	648	intptr = &options->password_authentication;


diff --git a/servconf.h b/servconf.h index afa80675e..4ad1ee7be 100644 --- a/servconf.h +++ b/servconf.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */	1	/* $OpenBSD: servconf.h,v 1.60 2003/05/15 01:48:10 jakob Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -73,7 +73,6 @@ typedef struct {
73	int hostbased_uses_name_from_packet_only; /* experimental */	73	int hostbased_uses_name_from_packet_only; /* experimental */
74	int rsa_authentication; /* If true, permit RSA authentication. */	74	int rsa_authentication; /* If true, permit RSA authentication. */
75	int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */	75	int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
76	#if defined(KRB4) \|\| defined(KRB5)
77	int kerberos_authentication; /* If true, permit Kerberos	76	int kerberos_authentication; /* If true, permit Kerberos
78	* authentication. */	77	* authentication. */
79	int kerberos_or_local_passwd; /* If true, permit kerberos	78	int kerberos_or_local_passwd; /* If true, permit kerberos
@@ -83,14 +82,9 @@ typedef struct {
83	* /etc/passwd */	82	* /etc/passwd */
84	int kerberos_ticket_cleanup; /* If true, destroy ticket	83	int kerberos_ticket_cleanup; /* If true, destroy ticket
85	* file on logout. */	84	* file on logout. */
86	#endif
87	#if defined(AFS) \|\| defined(KRB5)
88	int kerberos_tgt_passing; /* If true, permit Kerberos TGT	85	int kerberos_tgt_passing; /* If true, permit Kerberos TGT
89	* passing. */	86	* passing. */
90	#endif
91	#ifdef AFS
92	int afs_token_passing; /* If true, permit AFS token passing. */	87	int afs_token_passing; /* If true, permit AFS token passing. */
93	#endif
94	int password_authentication; /* If true, permit password	88	int password_authentication; /* If true, permit password
95	* authentication. */	89	* authentication. */
96	int kbd_interactive_authentication; /* If true, permit */	90	int kbd_interactive_authentication; /* If true, permit */


diff --git a/sshd_config b/sshd_config index 36429c9d0..57a1f2bec 100644 --- a/sshd_config +++ b/sshd_config
@@ -69,9 +69,10 @@
69	# Kerberos TGT Passing only works with the AFS kaserver	69	# Kerberos TGT Passing only works with the AFS kaserver
70	#KerberosTgtPassing no	70	#KerberosTgtPassing no
71		71
72	# Set this to 'yes' to enable PAM keyboard-interactive authentication	72	# Set this to 'yes' to enable PAM authentication (via challenge-response)
		73	# and session processing
73	# Warning: enabling this may bypass the setting of 'PasswordAuthentication'	74	# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
74	#PAMAuthenticationViaKbdInt no	75	#UsePAM no
75		76
76	#X11Forwarding no	77	#X11Forwarding no
77	#X11DisplayOffset 10	78	#X11DisplayOffset 10