search for: ccapi

http://bugzilla.mindrot.org/show_bug.cgi?id=1245 Summary: Add support for Darwin CCAPI Product: Portable OpenSSH Version: -current Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket at mindrot.org ReportedBy: simon a...

...What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #2 from Damien Miller <djm at mindrot.org> 2007-06-22 15:34:00 --- Do the USE_CCAPI bits depend on the USE_SECURITY_SESSION_API bit or vice-versa? Also, did CCAPI stuff come from Darwin or Debian? If from Darwin, we will need to ensure that it is appropriately licensed. -- Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mai...

...; <sip:5462000@65.67.76.41>;tag=as3e9b26ba 7025: To: <sip:6329900@10.1.3.28>;tag=6231D0-207E 7027: Call-ID: 023bbbe91f61ad7529d14ffb2be36b0d@65.67.76.41 7028: Server: Cisco-SIPGateway/IOS-12.x 7030: Content-Length: 0 7032: 7034: 006966: Dec 29 01:48:05.083: Queued event From SIP SPI to CCAPI/DNS : SIPSPI_EV_CC_CALL_PROCEEDING 7035: 006967: Dec 29 01:48:05.083: ccsip_report_digit_control: enable=0: 7036: 006968: Dec 29 01:48:05.083: ccsip_report_digit_control: disabled. 7038: 006970: Dec 29 01:48:05.083: ccsip_report_digit_control: enable=0: 7040: 006972: Dec 29 01:48:05.083: CCSIP-SPI...

...anisms to OpenSSH, along with adding some additional features to the GSSAPI code that is already in the tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type (#1242) *) Support for CCAPI credentials caches on Mac OS X (#1245) *) Support for better error handling when an authentication exchange fails due to server misconfiguration (#1244) *) Support for GSSAPI connections to hosts behind a round-robin load balancer (#1008) *) Support for GSSAPI connections to multi-home...

...I key exchange uses Kerberos to validate the servers identity, and can eliminate the need to maintain known hosts files of server public keys across your site. These patches also contain a number of improvements as a result of resyncing against the Debian patch set, including: *) Support for the CCAPI on Darwin *) Support for the Security Session API on Darwin *) Support for not counting failures due to bad server configuration against the clients number of permitted authentication attempts Thanks to Sam Hartman, Alexandra Ellwood and Harald Barth Cheers, Simon.

...The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. This can be enabled through the GSSAPIKeyExchange option on both client and server (bugzilla.mindrot.org #1242) *) Support for the null host key type *) Support for CCAPI caches on Mac OS X (bugzilla.mindrot.org #1245) *) Don't penalise the client for authentication failures caused by server misconfiguration (bugzilla.mindrot.org #1244) *) Better error reporting when using GSSAPI libraries containing multiple mechanisms (bugzi...

...gzilla.mindrot.org/show_bug.cgi?id=1008 GSSAPI authentication failes with Round Robin DNS hosts http://bugzilla.mindrot.org/show_bug.cgi?id=1244 Detect auth configuration failures and don't count them against the client http://bugzilla.mindrot.org/show_bug.cgi?id=1245 Add support for Darwin CCAPI Thanks, Simon.

...xchange mechanisms to OpenSSH, along with some minor fixes for the GSSAPI code that is already in the tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type (#1242) *) Support for CCAPI credentials caches on Mac OS X (#1245) *) Support for better error handling when an authentication exchange fails due to server misconfiguration (#1244) *) Better error reporting when using a GSSAPI library which supports multiple mechanisms (#1220) *) Support for GSSAPI connections to...

...port for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with adding some additional, generic, GSSAPI features. It implements *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type (#1242) *) Support for CCAPI credentials caches on Mac OS X (#1245) *) Support for better error handling when an authentication exchange fails due to server misconfiguration (#1244) *) Support for GSSAPI connections to hosts behind a round-robin load balancer (#1008) *) Support for GSSAPI connections to multi-homed hosts,...

...s support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with adding some additional, generic, GSSAPI features. It implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type (#1242) *) Support for CCAPI credentials caches on Mac OS X (#1245) *) Support for better error handling when an authentication exchange fails due to server misconfiguration (#1244) *) Support for GSSAPI connections to hosts behind a round-robin load balancer (#1008) *) Support for GSSAPI connections to multi-homed hosts, wher...

...or the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with adding some additional, generic, GSSAPI features. It implements *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type (#1242) *) Support for CCAPI credentials caches on Mac OS X (#1245) *) Support for better error handling when an authentication exchange fails due to server misconfiguration (#1244) *) Support for GSSAPI connections to hosts behind a round-robin load balancer (#1008) *) Support for GSSAPI connections to multi-homed...

...ccache as it always did. * We do not set the environment KRBCCNAME if the default ccache is used. Tools using kerberos know where the cache is, if it is in default location. When we were setting it, we were hitting the error explained in the above bugzilla. * Adds some portability bits for windows (CCAPI ccache if supported instead of files under /tmp/) Feel free to comment if there is anything unclear in the patch or in the comments. The variation of this patch is used in both Fedora and RHEL. -- You are receiving this mail because: You are watching the assignee of the bug.

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |