This is a resend; the first try got bounced because of the message size limit on the list.

-------------- next part --------------
An embedded message was scrubbed...
From: Damien Miller <damien at ibs.com.au>
Subject: [Fwd: OpenSSH for UNIX]
Date: Thu, 02 Dec 1999 10:52:38 +1100
Size: 73561
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/19991202/e81e7166/attachment.mht

On Thu, 2 Dec 1999, Damien Miller wrote:

> This patch seems to use the same CMSG type as the KRBIV support
> currently in OpenSSH. Would it be better to recommend to the author
> that he defines a new CMSG for KRBV instead?

actually, in the mainline ssh-1.2.27 code, the KERBEROS protocol messages are for Kerberos v5 - my original Kerberos v4 patches weren't integrated (they originally had dependencies on AFS, etc.).

it would be nice if we could do some magic to determine the version of Kerberos being used automatically, based on ticket contents. i'm sure this is possible (perhaps just using pvno in AP_REQ messages), i haven't looked too deeply into it yet. i'll try to take a look at this soon.

> Around this issue: what is the policy for defining new message types
> in the future?

imo, i don't think we should be extending the protocol at all. the only exception i could see to that would be GSS-API support, which would (theoretically, anyhow) be the last security flavor we'd ever have to add (too bad it's so unwieldy and relatively unused).

-d.
---
http://www.monkey.org/~dugsong/

> I have received a patch (attached) which adds Kerberos V support to
> OpenSSH. I recall some discussion about KRBV support on the list
> previously; it was mentioned that there was a problem in providing it
> in a manner compatible with the current KRBIV support.

Any status of these patches being implemented in the source tree yet?

Thanks - Peter

Peter Losher wrote:

> > I have received a patch (attached) which adds Kerberos V support to
> > OpenSSH. I recall some discussion about KRBV support on the list
> > previously; it was mentioned that there was a problem in providing it
> > in a manner compatible with the current KRBIV support.
>
> Any status of these patches being implemented in the source tree yet?

Unfortunately no. There were questions regarding the exportability of the patches (they were written in the USA) and the author eventually withdrew them.

Regards,
Damien Miller