The openssh-3.0 announcement said: (...) 3) improved Kerberos support in protocol v1 (KerbIV and KerbV) (...) This seems to imply at least some krb5 support, but there is nothing new in ./configure --help about it. Grepping the source, I see many references to #ifdef KRB5. Trying to enable it manually (a #define in config.h) gives errors about a missing krb5_auth_con_setaddrs_from_fd, which I really can't find anywhere in the MIT sources, and many other missing functions. Yes, I know about the gssapi patch at http://www.sxw.org.uk/computing/patches/openssh.html, but it's only available for 2.9p2 so far and the poor guy has been repeatedly asking for it to be included in the mainstream version without success. So, is that planned? Krb5 in openssh? Or is there something wrong with the gssapi patches? I have openssh-3.0p1 and krb5-1.2.2 from MIT.
mouring at etoh.eviladmin.org
2001-Nov-07 15:30 UTC
what's the deal with openssh-3.0p1 and kerberos5?
OpenBSD's version of OpenSSH has KRB5 support ready for use. The portable group is still lagging a bit behind. I saw a set of Kerb5 enabling patches float by the list from Simon Wilkinson. I expect they will get merged in and it will be in a later 3.0pX release or in the next 3.x.x release. I could forward you the patch if you wish.. You need to have autoconf 2.52 or better to rebuild the ./configure script. Simon did (from what I can tell) a very good job of supporting MIT and HEIMDAL. Just too bad the two library developers can't standardize on an API. - Ben On Wed, 7 Nov 2001, Andreas Hasenack wrote:> The openssh-3.0 announcement said: > > (...) > 3) improved Kerberos support in protocol v1 (KerbIV and KerbV) > (...) > > This seems to imply at least some krb5 support, but there is nothing > new in ./configure --help about it. Grepping the source, I see many > references to #ifdef KRB5. Trying to enable it manually (a #define > in config.h) gives errors about a missing krb5_auth_con_setaddrs_from_fd, > which I really can't find anywhere in the MIT sources, and many > other missing functions. > > Yes, I know about the gssapi patch at > http://www.sxw.org.uk/computing/patches/openssh.html, but it's only > available for 2.9p2 so far and the poor guy has been repeatedly asking > for it to be included in the mainstream version without success. > So, is that planned? Krb5 in openssh? Or is there something wrong with > the gssapi patches? > > I have openssh-3.0p1 and krb5-1.2.2 from MIT. > >