Set the KRB5CCNAME envrironment variable in the child if we received
forwarded Kerberos 5 credentials, so that the process that needs them can actually find them.
This commit is contained in:
parent
3fa9ceaa88
commit
6fe37483a3
3
crypto/dist/ssh/auth-krb5.c
vendored
3
crypto/dist/ssh/auth-krb5.c
vendored
@ -19,6 +19,7 @@
|
||||
krb5_context ssh_context = NULL;
|
||||
krb5_auth_context auth_context;
|
||||
krb5_ccache fwd_ccache = NULL; /* Credential cache for acquired ticket */
|
||||
const char *ssh_krb5_ccname;
|
||||
|
||||
/* Try krb5 authentication. server_user is passed for logging purposes only,
|
||||
in auth is received ticket, in client is returned principal from the
|
||||
@ -127,6 +128,8 @@ auth_krb5_tgt(char *server_user, krb5_data *tgt, krb5_principal tkt_client)
|
||||
|
||||
fwd_ccache = ccache;
|
||||
ccache = NULL;
|
||||
|
||||
ssh_krb5_ccname = krb5_cc_get_name(ssh_context, fwd_ccache);
|
||||
|
||||
/*
|
||||
problem = krb5_cc_copy_cache(ssh_context, ccache, fwd_ccache);
|
||||
|
10
crypto/dist/ssh/session.c
vendored
10
crypto/dist/ssh/session.c
vendored
@ -985,6 +985,16 @@ do_child(Session *s, const char *command)
|
||||
}
|
||||
#endif /* KRB4 */
|
||||
|
||||
#ifdef KRB5
|
||||
{
|
||||
extern const char *ssh_krb5_ccname;
|
||||
|
||||
if (ssh_krb5_ccname)
|
||||
child_set_env(&env, &envsize, "KRB5CCNAME",
|
||||
ssh_krb5_ccname);
|
||||
}
|
||||
#endif /* KRB5 */
|
||||
|
||||
if (xauthfile)
|
||||
child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
|
||||
if (auth_get_socket_name() != NULL)
|
||||
|
Loading…
Reference in New Issue
Block a user