- markus@cvs.openbsd.org 2003/08/31 13:29:05

[session.c]
     call ssh_gssapi_storecreds conditionally from do_exec();
     with sxw@inf.ed.ac.uk

ChangeLog

@@ -22,6 +22,10 @@
    - markus@cvs.openbsd.org 2003/08/31 12:14:22
      [progressmeter.c]
      do write to buf[-1]
+   - markus@cvs.openbsd.org 2003/08/31 13:29:05
+     [session.c]
+     call ssh_gssapi_storecreds conditionally from do_exec(); 
+     with sxw@inf.ed.ac.uk
 
 20030829
  - (bal) openbsd-compat/ clean up.  Considate headers, add in Id on our
@@ -937,4 +941,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.2925 2003/09/02 12:53:32 djm Exp $
+$Id: ChangeLog,v 1.2926 2003/09/02 12:55:45 djm Exp $

session.c

@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.162 2003/08/28 12:54:34 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.163 2003/08/31 13:29:05 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -394,12 +394,6 @@ do_exec_no_pty(Session *s, const char *command)
 
 	session_proctitle(s);
 
-#ifdef GSSAPI
-	temporarily_use_uid(s->pw);
-	ssh_gssapi_storecreds();
-	restore_uid();
-#endif
-
 #if defined(USE_PAM)
 	if (options.use_pam) {
 		do_pam_session(s->pw->pw_name, NULL);
@@ -529,12 +523,6 @@ do_exec_pty(Session *s, const char *command)
 	ptyfd = s->ptyfd;
 	ttyfd = s->ttyfd;
 
-#ifdef GSSAPI
-	temporarily_use_uid(s->pw);
-	ssh_gssapi_storecreds();
-	restore_uid();
-#endif
-
 #if defined(USE_PAM)
 	if (options.use_pam) {
 		do_pam_session(s->pw->pw_name, s->tty);
@@ -663,6 +651,14 @@ do_exec(Session *s, const char *command)
 		debug("Forced command '%.900s'", command);
 	}
 
+#ifdef GSSAPI
+	if (options.gss_authentication) {
+		temporarily_use_uid(s->pw);
+		ssh_gssapi_storecreds();
+		restore_uid();
+	}
+#endif
+
 	if (s->ttyfd != -1)
 		do_exec_pty(s, command);
 	else