Set the KRB5CCNAME environment variable in the child if we received
forwarded Kerberos 5 credentials, so that the process that needs them can actually find them.
parent
3fa9ceaa88
commit
6fe37483a3
|
@ -19,6 +19,7 @@
|
||||||
krb5_context ssh_context = NULL;
|
krb5_context ssh_context = NULL;
|
||||||
krb5_auth_context auth_context;
|
krb5_auth_context auth_context;
|
||||||
krb5_ccache fwd_ccache = NULL; /* Credential cache for acquired ticket */
|
krb5_ccache fwd_ccache = NULL; /* Credential cache for acquired ticket */
|
||||||
|
const char *ssh_krb5_ccname;
|
||||||
|
|
||||||
/* Try krb5 authentication. server_user is passed for logging purposes only,
|
/* Try krb5 authentication. server_user is passed for logging purposes only,
|
||||||
in auth is received ticket, in client is returned principal from the
|
in auth is received ticket, in client is returned principal from the
|
||||||
|
@ -128,6 +129,8 @@ auth_krb5_tgt(char *server_user, krb5_data *tgt, krb5_principal tkt_client)
|
||||||
fwd_ccache = ccache;
|
fwd_ccache = ccache;
|
||||||
ccache = NULL;
|
ccache = NULL;
|
||||||
|
|
||||||
|
ssh_krb5_ccname = krb5_cc_get_name(ssh_context, fwd_ccache);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
problem = krb5_cc_copy_cache(ssh_context, ccache, fwd_ccache);
|
problem = krb5_cc_copy_cache(ssh_context, ccache, fwd_ccache);
|
||||||
if (problem) {
|
if (problem) {
|
||||||
|
|
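Review bot: `ssh_krb5_ccname` is assigned in auth_krb5_tgt before the result of `krb5_cc_copy_cache()` is checked, so if the copy fails the global still names a cache that the failure path (outside this hunk) presumably tears down, and do_child would then export a stale `KRB5CCNAME`. The string returned by `krb5_cc_get_name()` belongs to the cache handle, so the pointer is only usable while `fwd_ccache` stays open. Moving the assignment below the `if (problem)` check, or adding `ssh_krb5_ccname = NULL;` on the failure path, would keep the name and the cache in step. A comment on the declaration such as `/* Name of fwd_ccache; borrowed from the handle, valid only while it is open */` would record that lifetime. auth_krb5_tgt begins and ends outside the hunk.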
|
@ -985,6 +985,16 @@ do_child(Session *s, const char *command)
|
||||||
}
|
}
|
||||||
#endif /* KRB4 */
|
#endif /* KRB4 */
|
||||||
|
|
||||||
|
#ifdef KRB5
|
||||||
|
{
|
||||||
|
extern const char *ssh_krb5_ccname;
|
||||||
|
|
||||||
|
if (ssh_krb5_ccname)
|
||||||
|
child_set_env(&env, &envsize, "KRB5CCNAME",
|
||||||
|
ssh_krb5_ccname);
|
||||||
|
}
|
||||||
|
#endif /* KRB5 */
|
||||||
|
|
||||||
if (xauthfile)
|
if (xauthfile)
|
||||||
child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
|
child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
|
||||||
if (auth_get_socket_name() != NULL)
|
if (auth_get_socket_name() != NULL)
|
||||||
|
|
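Review bot: The block-scope `extern const char *ssh_krb5_ccname;` inside do_child repeats the declaration by hand, so a later change to the variable's type in the defining file would not be caught by the compiler. Declaring it once in a header shared with the file that defines it, under the same `#ifdef KRB5`, would also remove the need for the extra braces. A comment above the `if`, for example `/* Point the child at the forwarded credential cache, if one was stored */`, would make clear why the variable is only set conditionally. do_child continues outside the hunk.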