diff options
Diffstat (limited to 'debian/ssh-krb5.postinst')
| -rw-r--r-- | debian/ssh-krb5.postinst | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst new file mode 100644 index 0000000..f799acc --- /dev/null +++ b/debian/ssh-krb5.postinst @@ -0,0 +1,61 @@ +#!/bin/sh + +set -e + +action="$1" +oldversion="$2" + +if [ "$action" = configure ] ; then + # Make sure that GSSAPI is enabled. If there is no uncommented GSSAPI + # configuration, uncomment any commented-out configuration if present + # (this will catch the case of a fresh install of openssh-server). + # Otherwise, add configuration turning on GSSAPIAuthentication and + # GSSAPIKeyExchange. + # + # If there is some configuration, we may be upgrading from ssh-krb5. It + # enabled GSSAPIKeyExchange without any configuration option. Therefore, + # if it isn't explicitly set, always enable it for compatible behavior + # with ssh-krb5. + if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then + : + else + changed= + if grep -qi '^[ ]*GSSAPI' /etc/ssh/sshd_config ; then + if grep -qi '^[ ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then + : + else + changed=true + cat >> /etc/ssh/sshd_config <<EOF + +# GSSAPI key exchange (added by ssh-krb5 transitional package) +GSSAPIKeyExchange yes +EOF + fi + else + changed=true + if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then + perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \ + < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new + chown --reference /etc/ssh/sshd_config \ + /etc/ssh/sshd_config.dpkg-new + chmod --reference /etc/ssh/sshd_config \ + /etc/ssh/sshd_config.dpkg-new + mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config + else + cat >> /etc/ssh/sshd_config <<EOF + +# GSSAPI authentication (added by ssh-krb5 transitional package) +GSSAPIAuthentication yes +GSSAPIKeyExchange yes +EOF + fi + fi + if [ -n "$changed" ]; then + invoke-rc.d ssh restart + fi + fi +fi + +#DEBHELPER# + +exit 0 |