--- openssh-5.9p1/configure.ac~ 2011-08-18 06:48:24.000000000 +0200 +++ openssh-5.9p1/configure.ac 2011-09-06 19:00:46.856319713 +0200 @@ -3424,13 +3424,13 @@ [ AC_MSG_RESULT([yes]) AC_DEFINE([HEIMDAL]) K5LIBS="-lkrb5" - K5LIBS="$K5LIBS -lcom_err -lasn1" + K5LIBS="$K5LIBS -lasn1" AC_CHECK_LIB([roken], [net_write], [K5LIBS="$K5LIBS -lroken"]) AC_CHECK_LIB([des], [des_cbc_encrypt], [K5LIBS="$K5LIBS -ldes"]) ], [ AC_MSG_RESULT([no]) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" + K5LIBS="-lkrb5 -lk5crypto" ]) AC_SEARCH_LIBS([dn_expand], [resolv]) diff -ur openssh-5.8p1-orig/auth-krb5.c openssh-5.8p1/auth-krb5.c --- openssh-5.8p1-orig/auth-krb5.c 2011-04-20 00:30:23.632652510 +0200 +++ openssh-5.8p1/auth-krb5.c 2011-04-20 00:34:06.218117429 +0200 @@ -88,6 +88,8 @@ #ifndef HEIMDAL krb5_creds creds; krb5_principal server; +#else + const char *ccache_type, *ccache_name; #endif krb5_error_code problem; krb5_ccache ccache = NULL; @@ -129,7 +131,11 @@ if (problem) goto out; - problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, + problem = krb5_cc_set_default_name(authctxt->krb5_ctx, NULL); + if (problem) + goto out; + problem = krb5_cc_new_unique(authctxt->krb5_ctx, + krb5_cc_default_name(authctxt->krb5_ctx), NULL, &authctxt->krb5_fwd_ccache); if (problem) goto out; @@ -180,12 +186,23 @@ goto out; #endif +#ifdef HEIMDAL + ccache_type = krb5_cc_get_type(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); + ccache_name = krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); + if (strncmp(ccache_type, "FILE", 4) == 0) { + authctxt->krb5_ticket_file = (char *)ccache_name; + } + len = strlen(ccache_type) + strlen(ccache_name) + 2; + authctxt->krb5_ccname = xmalloc(len); + snprintf(authctxt->krb5_ccname, len, "%s:%s", ccache_type, ccache_name); +#else authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); len = strlen(authctxt->krb5_ticket_file) + 6; authctxt->krb5_ccname = xmalloc(len); snprintf(authctxt->krb5_ccname, len, "FILE:%s", authctxt->krb5_ticket_file); +#endif #ifdef USE_PAM if (options.use_pam) diff -ur openssh-5.8p1-orig/gss-serv-krb5.c openssh-5.8p1/gss-serv-krb5.c --- openssh-5.8p1-orig/gss-serv-krb5.c 2011-04-20 00:30:23.632652510 +0200 +++ openssh-5.8p1/gss-serv-krb5.c 2011-04-20 00:34:06.218117429 +0200 @@ -121,6 +121,9 @@ krb5_principal princ; OM_uint32 maj_status, min_status; int len; +#ifdef HEIMDAL + const char *ccache_type, *ccache_name; +#endif if (client->creds == NULL) { debug("No credentials stored"); @@ -131,8 +134,14 @@ return; #ifdef HEIMDAL - if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { - logit("krb5_cc_gen_new(): %.100s", + if ((problem = krb5_cc_set_default_name(krb_context, NULL))) { + logit("krb5_cc_set_default_name(): %.100s", + krb5_get_err_text(krb_context, problem)); + return; + } + if ((problem = krb5_cc_new_unique(krb_context, + krb5_cc_default_name(krb_context), NULL, &ccache))) { + logit("krb5_cc_new_unique(): %.100s", krb5_get_err_text(krb_context, problem)); return; } @@ -169,11 +178,23 @@ return; } +#ifdef HEIMDAL + ccache_type = krb5_cc_get_type(krb_context, ccache); + ccache_name = krb5_cc_get_name(krb_context, ccache); + if (strncmp(ccache_type, "FILE", 4) == 0) { + client->store.filename = xstrdup(ccache_name); + } + client->store.envvar = "KRB5CCNAME"; + len = strlen(ccache_type) + strlen(ccache_name) + 2; + client->store.envval = xmalloc(len); + snprintf(client->store.envval, len, "%s:%s", ccache_type, ccache_name); +#else client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); client->store.envvar = "KRB5CCNAME"; len = strlen(client->store.filename) + 6; client->store.envval = xmalloc(len); snprintf(client->store.envval, len, "FILE:%s", client->store.filename); +#endif #ifdef USE_PAM if (options.use_pam)