--- openssh-5.7p1/configure.ac.orig 2011-01-22 00:37:05.000000000 +0200 +++ openssh-5.7p1/configure.ac 2011-01-24 16:21:01.711393457 +0200 @@ -3572,14 +3572,14 @@ [ AC_MSG_RESULT(yes) AC_DEFINE(HEIMDAL) K5LIBS="-lkrb5" - K5LIBS="$K5LIBS -lcom_err -lasn1" + K5LIBS="$K5LIBS -lasn1" AC_CHECK_LIB(roken, net_write, [K5LIBS="$K5LIBS -lroken"]) AC_CHECK_LIB(des, des_cbc_encrypt, [K5LIBS="$K5LIBS -ldes"]) ], [ AC_MSG_RESULT(no) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" + K5LIBS="-lkrb5 -lk5crypto" ] ) AC_SEARCH_LIBS(dn_expand, resolv) diff -ur openssh-5.8p1-orig/auth-krb5.c openssh-5.8p1/auth-krb5.c --- openssh-5.8p1-orig/auth-krb5.c 2011-04-20 00:30:23.632652510 +0200 +++ openssh-5.8p1/auth-krb5.c 2011-04-20 00:34:06.218117429 +0200 @@ -88,6 +88,8 @@ #ifndef HEIMDAL krb5_creds creds; krb5_principal server; +#else + const char *ccache_type, *ccache_name; #endif krb5_error_code problem; krb5_ccache ccache = NULL; @@ -129,7 +131,11 @@ if (problem) goto out; - problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, + problem = krb5_cc_set_default_name(authctxt->krb5_ctx, NULL); + if (problem) + goto out; + problem = krb5_cc_new_unique(authctxt->krb5_ctx, + krb5_cc_default_name(authctxt->krb5_ctx), NULL, &authctxt->krb5_fwd_ccache); if (problem) goto out; @@ -180,12 +186,23 @@ goto out; #endif +#ifdef HEIMDAL + ccache_type = krb5_cc_get_type(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); + ccache_name = krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); + if (strncmp(ccache_type, "FILE", 4) == 0) { + authctxt->krb5_ticket_file = (char *)ccache_name; + } + len = strlen(ccache_type) + strlen(ccache_name) + 2; + authctxt->krb5_ccname = xmalloc(len); + snprintf(authctxt->krb5_ccname, len, "%s:%s", ccache_type, ccache_name); +#else authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); len = strlen(authctxt->krb5_ticket_file) + 6; authctxt->krb5_ccname = xmalloc(len); snprintf(authctxt->krb5_ccname, len, "FILE:%s", authctxt->krb5_ticket_file); +#endif #ifdef USE_PAM if (options.use_pam) diff -ur openssh-5.8p1-orig/gss-serv-krb5.c openssh-5.8p1/gss-serv-krb5.c --- openssh-5.8p1-orig/gss-serv-krb5.c 2011-04-20 00:30:23.632652510 +0200 +++ openssh-5.8p1/gss-serv-krb5.c 2011-04-20 00:34:06.218117429 +0200 @@ -121,6 +121,9 @@ krb5_principal princ; OM_uint32 maj_status, min_status; int len; +#ifdef HEIMDAL + const char *ccache_type, *ccache_name; +#endif if (client->creds == NULL) { debug("No credentials stored"); @@ -131,8 +134,14 @@ return; #ifdef HEIMDAL - if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { - logit("krb5_cc_gen_new(): %.100s", + if ((problem = krb5_cc_set_default_name(krb_context, NULL))) { + logit("krb5_cc_set_default_name(): %.100s", + krb5_get_err_text(krb_context, problem)); + return; + } + if ((problem = krb5_cc_new_unique(krb_context, + krb5_cc_default_name(krb_context), NULL, &ccache))) { + logit("krb5_cc_new_unique(): %.100s", krb5_get_err_text(krb_context, problem)); return; } @@ -169,11 +178,23 @@ return; } +#ifdef HEIMDAL + ccache_type = krb5_cc_get_type(krb_context, ccache); + ccache_name = krb5_cc_get_name(krb_context, ccache); + if (strncmp(ccache_type, "FILE", 4) == 0) { + client->store.filename = xstrdup(ccache_name); + } + client->store.envvar = "KRB5CCNAME"; + len = strlen(ccache_type) + strlen(ccache_name) + 2; + client->store.envval = xmalloc(len); + snprintf(client->store.envval, len, "%s:%s", ccache_type, ccache_name); +#else client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); client->store.envvar = "KRB5CCNAME"; len = strlen(client->store.filename) + 6; client->store.envval = xmalloc(len); snprintf(client->store.envval, len, "FILE:%s", client->store.filename); +#endif #ifdef USE_PAM if (options.use_pam)