New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gssauth trickledown fix (2.0) #1061

Merged
merged 4 commits into from Sep 12, 2017

Conversation

Projects
None yet
2 participants
@akruis
Contributor

akruis commented Sep 12, 2017

AuthHandler: handle "gssapi-with-mic" errors

Paramiko now tries other authentication methods, if "gssapi-with-mic" authentication fails (i.e. no kerberos ticket). Before this change, any failure of GSSAPI token exchange caused the transport to be closed.

akruis added some commits Aug 1, 2017

Added paramiko.GSS_EXCEPTIONS: exception types used by GSSAPI
This new constant is a tuple of the exception types used by the
underlying GSSAPI/SSPI implementation.
AuthHandler: fix the server-mode "gssapi-with-mic" logic
A paramiko server is now able to handle a restart of the user
authentication during the GSS-API token exchange. This may occur, if
the client detects a local GSSAPI problem (e.g. a missing kerberos
ticket) and continues with another authentication method.

The added test case test_2_auth_trickledown still fails, because the
paramiko client contains a bug too.
AuthHandler: handle local "gssapi-with-mic" errors in client mode
Paramiko now tries other authentication methods, if "gssapi-with-mic"
authentication may fails for a local reason (i.e. no kerberos ticket).

Befor this change, any exception from the GSSAPI/SSPI caused the
transport to be closed.

bitprophet added a commit that referenced this pull request Sep 12, 2017

@bitprophet bitprophet merged commit 85996f5 into paramiko:2.0 Sep 12, 2017

1 of 3 checks passed

codecov/patch 23.15% of diff hit (target 74.58%)
Details
codecov/project 74.23% (-0.36%) compared to 853a37f
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment