From 6fe37483a32c4e7b700f4429730eb3e9429b237f Mon Sep 17 00:00:00 2001
From: thorpej <thorpej@NetBSD.org>
Date: Wed, 28 Mar 2001 03:31:52 +0000
Subject: [PATCH] Set the KRB5CCNAME envrironment variable in the child if we
 received forwarded Kerberos 5 credentials, so that the process that needs
 them can actually find them.

---
 crypto/dist/ssh/auth-krb5.c |  3 +++
 crypto/dist/ssh/session.c   | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/crypto/dist/ssh/auth-krb5.c b/crypto/dist/ssh/auth-krb5.c
index 4724dc3a3a43..b6f1536c8397 100644
--- a/crypto/dist/ssh/auth-krb5.c
+++ b/crypto/dist/ssh/auth-krb5.c
@@ -19,6 +19,7 @@
 krb5_context ssh_context = NULL;
 krb5_auth_context auth_context;
 krb5_ccache fwd_ccache = NULL; /* Credential cache for acquired ticket */
+const char *ssh_krb5_ccname;
 
 /* Try krb5 authentication. server_user is passed for logging purposes only,
    in auth is received ticket, in client is returned principal from the
@@ -127,6 +128,8 @@ auth_krb5_tgt(char *server_user, krb5_data *tgt, krb5_principal tkt_client)
   
   fwd_ccache = ccache;
   ccache = NULL;
+
+  ssh_krb5_ccname = krb5_cc_get_name(ssh_context, fwd_ccache);
   
   /*
   problem = krb5_cc_copy_cache(ssh_context, ccache, fwd_ccache);
diff --git a/crypto/dist/ssh/session.c b/crypto/dist/ssh/session.c
index b5555517fc49..361444808754 100644
--- a/crypto/dist/ssh/session.c
+++ b/crypto/dist/ssh/session.c
@@ -985,6 +985,16 @@ do_child(Session *s, const char *command)
 	}
 #endif /* KRB4 */
 
+#ifdef KRB5
+	{
+		extern const char *ssh_krb5_ccname;
+
+		if (ssh_krb5_ccname)
+			child_set_env(&env, &envsize, "KRB5CCNAME",
+			    ssh_krb5_ccname);
+	}
+#endif /* KRB5 */
+
 	if (xauthfile)
 		child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
 	if (auth_get_socket_name() != NULL)