From bf69b476306066fea74b28874baaf9f38984371b Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Sep 24 2015 13:57:11 +0000 Subject: Allow gss-keyex root login when without-password is set (#2456) Reported upstream, but applicable also for our gss-keyex patch: https://bugzilla.mindrot.org/show_bug.cgi?id=2456 --- diff --git a/openssh-6.6p1-gsskex.patch b/openssh-6.6p1-gsskex.patch index a347aa7..2feb7b5 100644 --- a/openssh-6.6p1-gsskex.patch +++ b/openssh-6.6p1-gsskex.patch @@ -2730,3 +2730,15 @@ diff -up openssh-7.1p1/sshkey.h.gsskex openssh-7.1p1/sshkey.h KEY_UNSPEC }; +diff --git a/auth.c b/auth.c +index 4d1fbbe..5db39c4 100644 +--- a/auth.c ++++ b/auth.c +@@ -354,6 +354,7 @@ auth_root_allowed(const char *method) + case PERMIT_NO_PASSWD: + if (strcmp(method, "publickey") == 0 || + strcmp(method, "hostbased") == 0 || ++ strcmp(method, "gssapi-keyex") == 0 || + strcmp(method, "gssapi-with-mic") == 0) + return 1; + break;