Set the KRB5CCNAME envrironment variable in the child if we received

forwarded Kerberos 5 credentials, so that the process that needs them
can actually find them.

crypto/dist/ssh/auth-krb5.c

@@ -19,6 +19,7 @@
 krb5_context ssh_context = NULL;
 krb5_auth_context auth_context;
 krb5_ccache fwd_ccache = NULL; /* Credential cache for acquired ticket */
+const char *ssh_krb5_ccname;
 
 /* Try krb5 authentication. server_user is passed for logging purposes only,
    in auth is received ticket, in client is returned principal from the
@@ -128,6 +129,8 @@ auth_krb5_tgt(char *server_user, krb5_data *tgt, krb5_principal tkt_client)
   fwd_ccache = ccache;
   ccache = NULL;
 
+  ssh_krb5_ccname = krb5_cc_get_name(ssh_context, fwd_ccache);
+  
   /*
   problem = krb5_cc_copy_cache(ssh_context, ccache, fwd_ccache);
   if (problem) {

crypto/dist/ssh/session.c

@@ -985,6 +985,16 @@ do_child(Session *s, const char *command)
 	}
 #endif /* KRB4 */
 
+#ifdef KRB5
+	{
+		extern const char *ssh_krb5_ccname;
+
+		if (ssh_krb5_ccname)
+			child_set_env(&env, &envsize, "KRB5CCNAME",
+			    ssh_krb5_ccname);
+	}
+#endif /* KRB5 */
+
 	if (xauthfile)
 		child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
 	if (auth_get_socket_name() != NULL)