[28667] in Source-Commits
ssh-server-config commit: Remove GSSAPI disabling workaround
daemon@ATHENA.MIT.EDU (Anders Kaseorg)
Tue Jul 5 01:50:03 2016
Date: Tue, 5 Jul 2016 01:49:59 -0400
From: Anders Kaseorg <andersk@mit.edu>
Message-Id: <201607050549.u655nxev031476@drugstore.mit.edu>
To: source-commits@mit.edu
https://github.com/mit-athena/ssh-server-config/commit/81346f68b1a0b48f6f9ac2f3ad11779f6e92bd5c
commit 81346f68b1a0b48f6f9ac2f3ad11779f6e92bd5c
Author: Anders Kaseorg <andersk@mit.edu>
Date: Tue Jul 5 01:43:05 2016 -0400
Remove GSSAPI disabling workaround
Remove the workaround that disabled GSSAPI if there’s no keytab,
because the problem it addressed was only present with
GSSAPIKeyExchange=yes clients, the workaround is no longer effective
at addressing this problem on any supported releases, and it is
incompatible with systemd (Trac: #1562).
debian/changelog | 10 ++++++++++
debian/rules | 2 +-
debian/transform_ssh.debathena | 7 -------
3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3eb45ae..fcaacb8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+debathena-ssh-server-config (1.11) unstable; urgency=medium
+
+ * Remove the workaround that disabled GSSAPI if there’s no keytab,
+ because the problem it addressed was only present with
+ GSSAPIKeyExchange=yes clients, the workaround is no longer effective
+ at addressing this problem on any supported releases, and it is
+ incompatible with systemd (Trac: #1562).
+
+ -- Anders Kaseorg <andersk@mit.edu> Tue, 05 Jul 2016 01:36:38 -0400
+
debathena-ssh-server-config (1.10) unstable; urgency=low
[ Jonathan Reed ]
diff --git a/debian/rules b/debian/rules
index 4af93df..b92285d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,7 +3,7 @@
DEB_DIVERT_EXTENSION = .debathena
DEB_DIVERT_FILES_debathena-ssh-server-config += \
/etc/ssh/sshd_config.debathena
-DEB_TRANSFORM_FILES_debathena-ssh-server-config += \
+DEB_UNDIVERT_FILES_debathena-ssh-server-config += \
/etc/default/ssh.debathena
include /usr/share/cdbs/1/rules/debhelper.mk
include /usr/share/cdbs/1/rules/config-package.mk
diff --git a/debian/transform_ssh.debathena b/debian/transform_ssh.debathena
deleted file mode 100755
index 288407a..0000000
--- a/debian/transform_ssh.debathena
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/perl -0p
-s|SSHD_OPTS=|SSHD_OPTS=
-
-\x23 Disable GSSAPI if there's no keytab when sshd is started
-if [ ! -e /etc/krb5.keytab ]; then
- SSHD_OPTS="\$SSHD_OPTS -o GSSAPIKeyExchange=no -o GSSAPIAuthentication=no"
-fi|x or die;
