From schwim@whatmore.Stanford.EDU Tue Jan 27 00:12:41 1998
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id AAA28626 for <bugs@RT-11.MIT.EDU>; Tue, 27 Jan 1998 00:12:39 -0500
Received: from whatmore.Stanford.EDU by MIT.EDU with SMTP
id AA05581; Tue, 27 Jan 98 00:12:37 EST
Received: (from schwim@localhost)
by whatmore.Stanford.EDU (8.8.8/8.8.8) id VAA06854;
Mon, 26 Jan 1998 21:12:26 -0800 (PST)
Message-Id: <199801270512.VAA06854@whatmore.Stanford.EDU>
Date: Mon, 26 Jan 1998 21:12:26 -0800 (PST)
From: Larry Schwimmer <schwim@whatmore.Stanford.EDU>
To: krb5-bugs@MIT.EDU
Subject: PATCH: krb5-1.0.4 appl/bsd/krshd.c
Some sites still need non-kerberos rsh, but it is nice to have
source code control and a single binary. Since the krb5 kshd is based
off the standard rshd, the krb5 kshd can support both kerberos and
non-kerberos rsh with a few small modifications.
The primary reason for doing the patch was because I needed to
do it for krlogind, and doing it for kshd was little additional work.
(I have a patch for krlogind that I'll send once I seperate out the
local part of that patch.) We moved over from the krb4 daemons to the
krb5 daemons, and ran into the unfortunate discovery that the krb5
klogind did not act as a non-kerberos rlogind. We're trying to turn
off non-kerberos services, but some sites on campus still need both.
A binary built with this patch will support both non-kerberos
and kerberos rsh. This patch adds the non-kerberos support to kshd
and adds the commandline flag "-r", which makes it act as non-kerberos
rshd. It will also work as non-kerberos if run as in.rshd or rshd.
The patches also help clarify non-kerberos from kerberos code and
remove an unused variable. The current code does have KERBEROS
ifdef's, but the seperation with those ifdefs was incomplete.
--- appl/bsd/krshd.c.orig Thu Dec 4 19:41:52 1997
+++ appl/bsd/krshd.c Mon Jan 26 20:55:50 1998
***************
*** 48,55 ****
* or by the name of the daemon. If command-line arguments are present, they
* take priority. The options are:
* -k means trust krb4 or krb5
- * -5 means trust krb5
- * -4 means trust krb4 (using .klogin)
*
*/
--- 48,56 ----
* or by the name of the daemon. If command-line arguments are present, they
* take priority. The options are:
* -k means trust krb4 or krb5
+ * -5 means trust krb5
+ * -4 means trust krb4 (using .klogin)
+ * -r means act as non-kerberos rshd
*
*/
***************
*** 150,156 ****
#include "com_err.h"
#include "loginpaths.h"
- #define ARGSTR "ek54ciD:S:M:AP:?L:"
#define RSHD_BUFSIZ 5120
--- 151,157 ----
#include "com_err.h"
#include "loginpaths.h"
+ #define ARGSTR "ek54cirD:S:M:AP:?L:"
#define RSHD_BUFSIZ 5120
***************
*** 190,205 ****
#endif
/* There are two authentication related masks:
- * auth_ok and auth_sent.
- * The auth_ok mask is the oring of authentication systems any one
- * of which can be used.
- * The auth_sent mask is the oring of one or more authentication/authorization
- * systems that succeeded. If the anding
- * of these two masks is true, then authorization is successful.
- */
#define AUTH_KRB4 (0x1)
#define AUTH_KRB5 (0x2)
- int auth_ok = 0, auth_sent = 0;
int checksum_required = 0, checksum_ignored = 0;
char *progname;
--- 191,207 ----
#endif
/* There are two authentication related masks:
+ * auth_ok and auth_sent.
+ * The auth_ok mask is the oring of authentication systems any one
+ * of which can be used.
+ * The auth_sent mask is the oring of one or more authentication/authorization
+ * systems that succeeded. If the anding
+ * of these two masks is true, then authorization is successful.
+ */
#define AUTH_KRB4 (0x1)
#define AUTH_KRB5 (0x2)
+ #define AUTH_HOST (0x4)
+ int auth_ok = AUTH_KRB4 | AUTH_KRB5, auth_sent = 0, no_kerberos = 0;
int checksum_required = 0, checksum_ignored = 0;
char *progname;
***************
*** 261,266 ****
progname = strrchr (*argv, '/');
progname = progname ? progname + 1 : *argv;
#ifndef LOG_ODELAY /* 4.2 syslog */
openlog(progname, LOG_PID);
#else
--- 263,275 ----
progname = strrchr (*argv, '/');
progname = progname ? progname + 1 : *argv;
+ if (!strcmp(progname,"rshd") || !strcmp(progname,"in.rshd")) {
+ no_kerberos = 1;
+ auth_ok = AUTH_HOST;
+ des_read = &read;
+ des_write = &write;
+ }
+
#ifndef LOG_ODELAY /* 4.2 syslog */
openlog(progname, LOG_PID);
#else
***************
*** 271,284 ****
#endif /* 4.2 syslog */
#ifdef KERBEROS
- status = krb5_init_context(&bsd_context);
- if (status) {
syslog(LOG_ERR, "Error initializing krb5: %s",
error_message(status));
exit(1);
}
#endif
-
/* Analyze parameters. */
opterr = 0;
while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
--- 280,295 ----
#endif /* 4.2 syslog */
#ifdef KERBEROS
+ if (!no_kerberos) {
+ status = krb5_init_context(&bsd_context);
+ if (status) {
syslog(LOG_ERR, "Error initializing krb5: %s",
error_message(status));
exit(1);
+ }
}
#endif
+
/* Analyze parameters. */
opterr = 0;
while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
***************
*** 345,351 ****
exit(2);
}
break;
#endif
case 'D':
debug_port = atoi(optarg);
break;
--- 356,370 ----
exit(2);
}
break;
+
+ case 'r':
+ no_kerberos = 1;
+ des_read = &read;
+ des_write = &write;
+ auth_ok = AUTH_HOST;
+ break;
#endif
+
case 'D':
debug_port = atoi(optarg);
break;
***************
*** 579,585 ****
char buf[RSHD_BUFSIZ], sig;
struct sockaddr_in fromaddr;
struct sockaddr_in localaddr;
- int non_privileged = 0;
#ifdef POSIX_SIGNALS
struct sigaction sa;
#endif
--- 598,603 ----
char buf[RSHD_BUFSIZ], sig;
struct sockaddr_in fromaddr;
struct sockaddr_in localaddr;
#ifdef POSIX_SIGNALS
struct sigaction sa;
#endif
***************
*** 635,652 ****
}
#ifdef KERBEROS
netf = f;
- desinbuf.data = des_inbuf;
- desoutbuf.data = des_outbuf;
- if ( (fromp->sin_port >= IPPORT_RESERVED ||
- fromp->sin_port < IPPORT_RESERVED/2))
- non_privileged = 1;
- #else
if (fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2) {
syslog(LOG_ERR , "connection from bad port\n");
exit(1);
}
- #endif /* KERBEROS */
#ifdef CRAY
--- 653,668 ----
}
#ifdef KERBEROS
netf = f;
+ if (!no_kerberos) {
+ desinbuf.data = des_inbuf;
+ desoutbuf.data = des_outbuf;
+ } else
+ #endif /* KERBEROS */
if (fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2) {
syslog(LOG_ERR , "connection from bad port\n");
exit(1);
}
#ifdef CRAY
***************
*** 712,725 ****
exit(1);
}
#ifdef KERBEROS
- if ( port >= IPPORT_RESERVED)
- non_privileged = 1;
- #else
if (port >= IPPORT_RESERVED) {
syslog(LOG_ERR , "2nd port not reserved\n");
exit(1);
}
- #endif /* KERBEROS */
fromp->sin_port = htons((u_short)port);
if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
syslog(LOG_INFO ,
--- 728,740 ----
exit(1);
}
#ifdef KERBEROS
+ if (no_kerberos)
+ #endif /* KERBEROS */
if (port >= IPPORT_RESERVED) {
syslog(LOG_ERR , "2nd port not reserved\n");
exit(1);
}
+
fromp->sin_port = htons((u_short)port);
if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
syslog(LOG_INFO ,
***************
*** 742,757 ****
}
#ifdef KERBEROS
- if ((status = recvauth(f, fromaddr,&valid_checksum))) {
- error("Authentication failed: %s\n", error_message(status));
- exit(1);
- }
- if (!strncmp(cmdbuf, "-x ", 3))
- do_encrypt = 1;
- #else
getstr(f, remuser, sizeof(remuser), "remuser");
getstr(f, locuser, sizeof(locuser), "locuser");
getstr(f, cmdbuf, sizeof(cmdbuf), "command");
#endif /* KERBEROS */
#ifdef CRAY
--- 757,776 ----
}
#ifdef KERBEROS
+ if (!no_kerberos) {
+ if ((status = recvauth(f, fromaddr,&valid_checksum))) {
+ error("Authentication failed: %s\n", error_message(status));
+ exit(1);
+ }
+ if (!strncmp(cmdbuf, "-x ", 3))
+ do_encrypt = 1;
+ } else {
+ #endif /* KERBEROS */
getstr(f, remuser, sizeof(remuser), "remuser");
getstr(f, locuser, sizeof(locuser), "locuser");
getstr(f, cmdbuf, sizeof(cmdbuf), "command");
+ #ifdef KERBEROS
+ }
#endif /* KERBEROS */
#ifdef CRAY
***************
*** 1031,1036 ****
else auth_sent |= AUTH_KRB4;
} else
#endif
{
/* krb5_kuserok returns 1 if OK */
if (!krb5_kuserok(bsd_context, client, locuser)){
--- 1050,1056 ----
else auth_sent |= AUTH_KRB4;
} else
#endif
+ if (!no_kerberos)
{
/* krb5_kuserok returns 1 if OK */
if (!krb5_kuserok(bsd_context, client, locuser)){
***************
*** 1043,1057 ****
((auth_sys == KRB5_RECVAUTH_V4) ? AUTH_KRB4 : AUTH_KRB5);
}
-
- #else
- if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
ruserok(hostname, pwd->pw_uid == 0, remuser, locuser) < 0) {
error("Permission denied.\n");
goto signout_please;
}
- #endif /* KERBEROS */
-
if (checksum_required && !valid_checksum) {
if (auth_sent & AUTH_KRB5) {
--- 1063,1080 ----
((auth_sys == KRB5_RECVAUTH_V4) ? AUTH_KRB4 : AUTH_KRB5);
}
+ else
+ #endif /* KERBEROS */
+ if (pwd->pw_passwd == 0 || *pwd->pw_passwd == '\0' ||
ruserok(hostname, pwd->pw_uid == 0, remuser, locuser) < 0) {
error("Permission denied.\n");
goto signout_please;
}
+ #ifdef KERBEROS
+ else {
+ auth_sent |= AUTH_HOST;
+ }
+ #endif
if (checksum_required && !valid_checksum) {
if (auth_sent & AUTH_KRB5) {
***************
*** 1648,1654 ****
void usage()
{
#ifdef KERBEROS
- syslog(LOG_ERR, "usage: kshd [-54ecikK] ");
#else
syslog(LOG_ERR, "usage: rshd");
#endif
--- 1671,1677 ----
void usage()
{
#ifdef KERBEROS
+ syslog(LOG_ERR, "usage: kshd [-54ecikKr] ");
#else
syslog(LOG_ERR, "usage: rshd");
#endif
Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Fri Sep 14 10:43:36 2001
Responsible-Changed-Why:
refile
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id AAA28626 for <bugs@RT-11.MIT.EDU>; Tue, 27 Jan 1998 00:12:39 -0500
Received: from whatmore.Stanford.EDU by MIT.EDU with SMTP
id AA05581; Tue, 27 Jan 98 00:12:37 EST
Received: (from schwim@localhost)
by whatmore.Stanford.EDU (8.8.8/8.8.8) id VAA06854;
Mon, 26 Jan 1998 21:12:26 -0800 (PST)
Message-Id: <199801270512.VAA06854@whatmore.Stanford.EDU>
Date: Mon, 26 Jan 1998 21:12:26 -0800 (PST)
From: Larry Schwimmer <schwim@whatmore.Stanford.EDU>
To: krb5-bugs@MIT.EDU
Subject: PATCH: krb5-1.0.4 appl/bsd/krshd.c
Show quoted text
>Number: 538
>Category: krb5-appl
>Synopsis: PATCH: krb5-1.0.4 appl/bsd/krshd.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Tue Jan 27 00:13:00 EST 1998
>Last-Modified: Fri Sep 14 10:43:43 EDT 2001
>Originator: Larry Schwimmer
>Organization:
>Release: krb5-1.0.4
>Environment:
>Description:
>Category: krb5-appl
>Synopsis: PATCH: krb5-1.0.4 appl/bsd/krshd.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Tue Jan 27 00:13:00 EST 1998
>Last-Modified: Fri Sep 14 10:43:43 EDT 2001
>Originator: Larry Schwimmer
>Organization:
>Release: krb5-1.0.4
>Environment:
>Description:
Some sites still need non-kerberos rsh, but it is nice to have
source code control and a single binary. Since the krb5 kshd is based
off the standard rshd, the krb5 kshd can support both kerberos and
non-kerberos rsh with a few small modifications.
The primary reason for doing the patch was because I needed to
do it for krlogind, and doing it for kshd was little additional work.
(I have a patch for krlogind that I'll send once I seperate out the
local part of that patch.) We moved over from the krb4 daemons to the
krb5 daemons, and ran into the unfortunate discovery that the krb5
klogind did not act as a non-kerberos rlogind. We're trying to turn
off non-kerberos services, but some sites on campus still need both.
Show quoted text
>How-To-Repeat:
>Fix:
>Fix:
A binary built with this patch will support both non-kerberos
and kerberos rsh. This patch adds the non-kerberos support to kshd
and adds the commandline flag "-r", which makes it act as non-kerberos
rshd. It will also work as non-kerberos if run as in.rshd or rshd.
The patches also help clarify non-kerberos from kerberos code and
remove an unused variable. The current code does have KERBEROS
ifdef's, but the seperation with those ifdefs was incomplete.
--- appl/bsd/krshd.c.orig Thu Dec 4 19:41:52 1997
+++ appl/bsd/krshd.c Mon Jan 26 20:55:50 1998
***************
*** 48,55 ****
* or by the name of the daemon. If command-line arguments are present, they
* take priority. The options are:
* -k means trust krb4 or krb5
- * -5 means trust krb5
- * -4 means trust krb4 (using .klogin)
*
*/
--- 48,56 ----
* or by the name of the daemon. If command-line arguments are present, they
* take priority. The options are:
* -k means trust krb4 or krb5
+ * -5 means trust krb5
+ * -4 means trust krb4 (using .klogin)
+ * -r means act as non-kerberos rshd
*
*/
***************
*** 150,156 ****
#include "com_err.h"
#include "loginpaths.h"
- #define ARGSTR "ek54ciD:S:M:AP:?L:"
#define RSHD_BUFSIZ 5120
--- 151,157 ----
#include "com_err.h"
#include "loginpaths.h"
+ #define ARGSTR "ek54cirD:S:M:AP:?L:"
#define RSHD_BUFSIZ 5120
***************
*** 190,205 ****
#endif
/* There are two authentication related masks:
- * auth_ok and auth_sent.
- * The auth_ok mask is the oring of authentication systems any one
- * of which can be used.
- * The auth_sent mask is the oring of one or more authentication/authorization
- * systems that succeeded. If the anding
- * of these two masks is true, then authorization is successful.
- */
#define AUTH_KRB4 (0x1)
#define AUTH_KRB5 (0x2)
- int auth_ok = 0, auth_sent = 0;
int checksum_required = 0, checksum_ignored = 0;
char *progname;
--- 191,207 ----
#endif
/* There are two authentication related masks:
+ * auth_ok and auth_sent.
+ * The auth_ok mask is the oring of authentication systems any one
+ * of which can be used.
+ * The auth_sent mask is the oring of one or more authentication/authorization
+ * systems that succeeded. If the anding
+ * of these two masks is true, then authorization is successful.
+ */
#define AUTH_KRB4 (0x1)
#define AUTH_KRB5 (0x2)
+ #define AUTH_HOST (0x4)
+ int auth_ok = AUTH_KRB4 | AUTH_KRB5, auth_sent = 0, no_kerberos = 0;
int checksum_required = 0, checksum_ignored = 0;
char *progname;
***************
*** 261,266 ****
progname = strrchr (*argv, '/');
progname = progname ? progname + 1 : *argv;
#ifndef LOG_ODELAY /* 4.2 syslog */
openlog(progname, LOG_PID);
#else
--- 263,275 ----
progname = strrchr (*argv, '/');
progname = progname ? progname + 1 : *argv;
+ if (!strcmp(progname,"rshd") || !strcmp(progname,"in.rshd")) {
+ no_kerberos = 1;
+ auth_ok = AUTH_HOST;
+ des_read = &read;
+ des_write = &write;
+ }
+
#ifndef LOG_ODELAY /* 4.2 syslog */
openlog(progname, LOG_PID);
#else
***************
*** 271,284 ****
#endif /* 4.2 syslog */
#ifdef KERBEROS
- status = krb5_init_context(&bsd_context);
- if (status) {
syslog(LOG_ERR, "Error initializing krb5: %s",
error_message(status));
exit(1);
}
#endif
-
/* Analyze parameters. */
opterr = 0;
while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
--- 280,295 ----
#endif /* 4.2 syslog */
#ifdef KERBEROS
+ if (!no_kerberos) {
+ status = krb5_init_context(&bsd_context);
+ if (status) {
syslog(LOG_ERR, "Error initializing krb5: %s",
error_message(status));
exit(1);
+ }
}
#endif
+
/* Analyze parameters. */
opterr = 0;
while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
***************
*** 345,351 ****
exit(2);
}
break;
#endif
case 'D':
debug_port = atoi(optarg);
break;
--- 356,370 ----
exit(2);
}
break;
+
+ case 'r':
+ no_kerberos = 1;
+ des_read = &read;
+ des_write = &write;
+ auth_ok = AUTH_HOST;
+ break;
#endif
+
case 'D':
debug_port = atoi(optarg);
break;
***************
*** 579,585 ****
char buf[RSHD_BUFSIZ], sig;
struct sockaddr_in fromaddr;
struct sockaddr_in localaddr;
- int non_privileged = 0;
#ifdef POSIX_SIGNALS
struct sigaction sa;
#endif
--- 598,603 ----
char buf[RSHD_BUFSIZ], sig;
struct sockaddr_in fromaddr;
struct sockaddr_in localaddr;
#ifdef POSIX_SIGNALS
struct sigaction sa;
#endif
***************
*** 635,652 ****
}
#ifdef KERBEROS
netf = f;
- desinbuf.data = des_inbuf;
- desoutbuf.data = des_outbuf;
- if ( (fromp->sin_port >= IPPORT_RESERVED ||
- fromp->sin_port < IPPORT_RESERVED/2))
- non_privileged = 1;
- #else
if (fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2) {
syslog(LOG_ERR , "connection from bad port\n");
exit(1);
}
- #endif /* KERBEROS */
#ifdef CRAY
--- 653,668 ----
}
#ifdef KERBEROS
netf = f;
+ if (!no_kerberos) {
+ desinbuf.data = des_inbuf;
+ desoutbuf.data = des_outbuf;
+ } else
+ #endif /* KERBEROS */
if (fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2) {
syslog(LOG_ERR , "connection from bad port\n");
exit(1);
}
#ifdef CRAY
***************
*** 712,725 ****
exit(1);
}
#ifdef KERBEROS
- if ( port >= IPPORT_RESERVED)
- non_privileged = 1;
- #else
if (port >= IPPORT_RESERVED) {
syslog(LOG_ERR , "2nd port not reserved\n");
exit(1);
}
- #endif /* KERBEROS */
fromp->sin_port = htons((u_short)port);
if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
syslog(LOG_INFO ,
--- 728,740 ----
exit(1);
}
#ifdef KERBEROS
+ if (no_kerberos)
+ #endif /* KERBEROS */
if (port >= IPPORT_RESERVED) {
syslog(LOG_ERR , "2nd port not reserved\n");
exit(1);
}
+
fromp->sin_port = htons((u_short)port);
if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
syslog(LOG_INFO ,
***************
*** 742,757 ****
}
#ifdef KERBEROS
- if ((status = recvauth(f, fromaddr,&valid_checksum))) {
- error("Authentication failed: %s\n", error_message(status));
- exit(1);
- }
- if (!strncmp(cmdbuf, "-x ", 3))
- do_encrypt = 1;
- #else
getstr(f, remuser, sizeof(remuser), "remuser");
getstr(f, locuser, sizeof(locuser), "locuser");
getstr(f, cmdbuf, sizeof(cmdbuf), "command");
#endif /* KERBEROS */
#ifdef CRAY
--- 757,776 ----
}
#ifdef KERBEROS
+ if (!no_kerberos) {
+ if ((status = recvauth(f, fromaddr,&valid_checksum))) {
+ error("Authentication failed: %s\n", error_message(status));
+ exit(1);
+ }
+ if (!strncmp(cmdbuf, "-x ", 3))
+ do_encrypt = 1;
+ } else {
+ #endif /* KERBEROS */
getstr(f, remuser, sizeof(remuser), "remuser");
getstr(f, locuser, sizeof(locuser), "locuser");
getstr(f, cmdbuf, sizeof(cmdbuf), "command");
+ #ifdef KERBEROS
+ }
#endif /* KERBEROS */
#ifdef CRAY
***************
*** 1031,1036 ****
else auth_sent |= AUTH_KRB4;
} else
#endif
{
/* krb5_kuserok returns 1 if OK */
if (!krb5_kuserok(bsd_context, client, locuser)){
--- 1050,1056 ----
else auth_sent |= AUTH_KRB4;
} else
#endif
+ if (!no_kerberos)
{
/* krb5_kuserok returns 1 if OK */
if (!krb5_kuserok(bsd_context, client, locuser)){
***************
*** 1043,1057 ****
((auth_sys == KRB5_RECVAUTH_V4) ? AUTH_KRB4 : AUTH_KRB5);
}
-
- #else
- if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
ruserok(hostname, pwd->pw_uid == 0, remuser, locuser) < 0) {
error("Permission denied.\n");
goto signout_please;
}
- #endif /* KERBEROS */
-
if (checksum_required && !valid_checksum) {
if (auth_sent & AUTH_KRB5) {
--- 1063,1080 ----
((auth_sys == KRB5_RECVAUTH_V4) ? AUTH_KRB4 : AUTH_KRB5);
}
+ else
+ #endif /* KERBEROS */
+ if (pwd->pw_passwd == 0 || *pwd->pw_passwd == '\0' ||
ruserok(hostname, pwd->pw_uid == 0, remuser, locuser) < 0) {
error("Permission denied.\n");
goto signout_please;
}
+ #ifdef KERBEROS
+ else {
+ auth_sent |= AUTH_HOST;
+ }
+ #endif
if (checksum_required && !valid_checksum) {
if (auth_sent & AUTH_KRB5) {
***************
*** 1648,1654 ****
void usage()
{
#ifdef KERBEROS
- syslog(LOG_ERR, "usage: kshd [-54ecikK] ");
#else
syslog(LOG_ERR, "usage: rshd");
#endif
--- 1671,1677 ----
void usage()
{
#ifdef KERBEROS
+ syslog(LOG_ERR, "usage: kshd [-54ecikKr] ");
#else
syslog(LOG_ERR, "usage: rshd");
#endif
Show quoted text
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Fri Sep 14 10:43:36 2001
Responsible-Changed-Why:
refile
Show quoted text
>Unformatted: