From 2530562407533bd74c2820fbf91f9a3a6662fe0b Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 6 Dec 2006 04:54:02 +0000
Subject: * Add ssh -K option, the converse of -k, to enable GSSAPI credential 
  delegation (closes: #401483).

---
 debian/changelog | 2 ++
 ssh.1            | 4 +++-
 ssh.c            | 7 +++++--
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index aa1403e67..f6a5f2696 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,8 @@ openssh (1:4.3p2-7) UNRELEASED; urgency=low
   * Default client to attempting GSSAPI authentication.
   * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's
     found.
+  * Add ssh -K option, the converse of -k, to enable GSSAPI credential
+    delegation (closes: #401483).
 
  -- Colin Watson <cjwatson@debian.org>  Mon, 20 Nov 2006 14:57:16 +0000
 
diff --git a/ssh.1 b/ssh.1
index f7c65a372..b1662d7ac 100644
--- a/ssh.1
+++ b/ssh.1
@@ -43,7 +43,7 @@
 .Nd OpenSSH SSH client (remote login program)
 .Sh SYNOPSIS
 .Nm ssh
-.Op Fl 1246AaCfgkMNnqsTtVvXxY
+.Op Fl 1246AaCfgKkMNnqsTtVvXxY
 .Op Fl b Ar bind_address
 .Op Fl c Ar cipher_spec
 .Oo Fl D\ \&
@@ -314,6 +314,8 @@ It is possible to have multiple
 .Fl i
 options (and multiple identities specified in
 configuration files).
+.It Fl K
+Enables forwarding (delegation) of GSSAPI credentials to the server.
 .It Fl k
 Disables forwarding (delegation) of GSSAPI credentials to the server.
 .It Fl L Xo
diff --git a/ssh.c b/ssh.c
index a64f1e2dc..a86d0e17b 100644
--- a/ssh.c
+++ b/ssh.c
@@ -157,7 +157,7 @@ static void
 usage(void)
 {
 	fprintf(stderr,
-"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
+"usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
 "           [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
 "           [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
 "           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
@@ -244,7 +244,7 @@ main(int ac, char **av)
 
 again:
 	while ((opt = getopt(ac, av,
-	    "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
+	    "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
 		switch (opt) {
 		case '1':
 			options.protocol = SSH_PROTO_1;
@@ -298,6 +298,9 @@ again:
 		case 'k':
 			options.gss_deleg_creds = 0;
 			break;
+		case 'K':
+			options.gss_deleg_creds = 1;
+			break;
 		case 'i':
 			if (stat(optarg, &st) < 0) {
 				fprintf(stderr, "Warning: Identity file %s "
-- 
cgit v1.2.3