From mike.gabriel@das-netzwerkteam.de Sat Jan 10 01:16:04 2015 Received: (at submit) by bugs.x2go.org; 10 Jan 2015 00:16:10 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 3CF385DEAA for ; Sat, 10 Jan 2015 01:16:04 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id C38723221 for ; Sat, 10 Jan 2015 01:16:03 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 577FD3C841 for ; Sat, 10 Jan 2015 01:16:03 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2dBVQ1ripacU for ; Sat, 10 Jan 2015 01:16:03 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 16E873C7AB for ; Sat, 10 Jan 2015 01:16:03 +0100 (CET) Received: from bifrost.das-netzwerkteam.de (bifrost.das-netzwerkteam.de [178.62.101.154]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Sat, 10 Jan 2015 00:16:03 +0000 Date: Sat, 10 Jan 2015 00:16:03 +0000 Message-ID: <20150110001603.Horde.RZlmXfUQgaeCAysehUiZAg1@mail.das-netzwerkteam.de> From: Mike Gabriel To: submit@bugs.x2go.org Subject: ssh-agent gets used although GSSAPI is enabled and agent-auth is disabled User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 178.62.101.154 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 Content-Type: multipart/signed; boundary="=_ZI207iYB578XC0gbl5eTHw1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_ZI207iYB578XC0gbl5eTHw1 Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Package: x2goclient Version: 4.0.3.1 Severity: important Control: block -1 by 733 I have... autologin=3Dfalse krblogin=3Dtrue _plus_ a running ssh-agent, loaded with my private SSH key. The X2Go Server has the public SSH key belonging to the private key=20=20 loaded=20into the agent. If the remote server does not support GSSAPIauthentication (set to=20=20 "no"=20via sshd_config), then X2Go Client should fall back to=20=20 username+password=20(KbdInteractiveAuthentication). At the time of writing this, X2Go Client nonetheless uses the running=20=20 ssh-agent=20and performs a PubkeyAuthentication. However, this breaks GSSAPI credentials delegation... Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_ZI207iYB578XC0gbl5eTHw1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJUsG9CAAoJEJr0azAldxsxY20P/2djPGzQVt5aOJKFf6R7mAXA 1Fj6u9okdawZU2hVTD3Ba76BCbcknZXDt+tpn/QgvJb2bnU1/OLUlYb/x99ss8iN mbZWA6v98c6VDQ9trQTOZfgcPmG5qwxHaOrF0SSGnwQyIkgdkI0Q7WOl0dwlfTsQ V9Fxg62VCKO4Z0mJy+q3buERC5BAWcAz7/yIaMHidR/nJp5+zKhlFU1vc/taFFwL xzhAKZigprW32Ch5yUwsRlMXmRyDgctkCIJ+nhRr64oXmDId0wWp/aoByDAGT5nj wPUrvI+O+mcL3H2s0O6JgXyGDU/M5AMtpfouXrMu3sorHPikbx2D0v2TPPp8B9Ql 0Xx3AyJ3K8bl0ooY5/PQLMT0hzhHiT72PYtRgpwMuKjbz/M7xN8EJAtDb38Xkw0v E4ySg/9zSjwigz4NWmEXbfgdlswcD1pjA/CvxTdV5yz6ZNWrhS7KzR8rlEteQhWh kiMI5yxR8DG8Qm9y5yE8cQwxsHGnPpxG/OPCU+77nVkiklOP/qjuUejI/eiX+uJK 73pL/QwZjAjXYtPH0/Nl2K64mQLJK+NBnMRwOe4tvslKxdahAmG4Ddr0SBcQuKPW 6zgl1hrd8hfn9MOzb9LO/S+m/TbM04iZB9xr1238EgxRMppeSErEcSaSSrx3PQ1s s+I2xjvDmJd3Q78nrtS8 =59y8 -----END PGP SIGNATURE----- --=_ZI207iYB578XC0gbl5eTHw1--