search for: engert

...per interface, which isn't a problem as gss_import will select the right one. Kerberos depends on a one-to-one mapping of hostname to ip-address. You should never have a hostname with two ip-addresses, Kerberos won't normaly work. Regards Markus On Mon Sep 13 16:14 , 'Douglas E. Engert' <deengert at anl.gov> sent: > > >Darren Tucker wrote: > >> Markus Moeller wrote: >> >>> Could you add to this release a patch which allows gssapi to be used >>> on a multihomed server please ? There have been several proposals >>>...

...dCurve would probably do. But what OID to use? I'm happy to reserve 1.3.6.1.4.1.11591.9 to mean a namedCurve value for Ed25519 in PKCS#11. I'm not sure this approach works out -- but let's try. /Simon > Cheers, > > Thomas > > On Thu, Oct 8, 2015 at 2:00 PM, Douglas E Engert <deengert at gmail.com> wrote: > >> >> >> On 10/8/2015 4:49 AM, Simon Josefsson wrote: >> >>> Mathias Brossard <mathias at brossard.org> writes: >>> >>> Hi, >>>> >>>> I have made a patch for enabling the use o...

...-agent). At least it might be useful as a test case. > > /Simon > > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > -- Douglas E. Engert <DEEngert at gmail.com>

...and OpenSSH builds with the GSSAPI. There is also a seperate issue with the MIT version of krb5-config with finding the location of gssapi.h. Its in thier .../include/gssapi which is not returned by the krb5-config --cflags. I have reported that to MIT as a seperate bug. -- Douglas E. Engert <DEEngert at anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444

...uld be seperate as it has no real dependency on the MIT code. I would hope that the members of the OpenSSH community who use OpenAFS, Hiemdal and/or MIT could agree on a simple command line interface that would encourage the builders of OpenSSH to always have this enabled. -- Douglas E. Engert <DEEngert at anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444

...which will be /tmp or /home, depending on the vm. >> >> Someone requested a trace, so ill post that tomorrow, hopefully it will be helpful. >> >> Appreciate very much you all?s input! >> >> Best, >> Dave >> On Jun 11, 2024 at 2:00?PM -0400, Douglas E Engert <deengert at gmail.com>, wrote: >>> >>> >>> On 6/6/2024 8:26 AM, Dave Macias wrote: >>>> *I wanted to see if I could make the cache file user-specific, instead of >>>> the default location (/tmp/krb5cc-blabla).* >>> SSH is creating a...

Hi, we are using usernames on our systems that contain a point '.', like "r.john". We found it necessary to patch the source to make the "scp" command work with those usernames. Cheers Kai --- openssh-2.2.0p1/scp.c Wed Aug 30 01:11:30 2000 +++ withpoint/scp.c Mon Dec 11 02:06:35 2000 @@ -1042,7 +1042,7 @@ c = *cp; if (c & 0200) goto bad; - if

...bla environment variable is set; which will be /tmp or /home, depending on the vm. > > Someone requested a trace, so ill post that tomorrow, hopefully it will be helpful. > > Appreciate very much you all?s input! > > Best, > Dave > On Jun 11, 2024 at 2:00?PM -0400, Douglas E Engert <deengert at gmail.com>, wrote: > > > > > > On 6/6/2024 8:26 AM, Dave Macias wrote: > > > *I wanted to see if I could make the cache file user-specific, instead of > > > the default location (/tmp/krb5cc-blabla).* > > SSH is creating a separate ticket...

On 6/24/2017 11:35 AM, Emmanuel Deloget wrote: > Hello Douglas, > > On Fri, Jun 23, 2017 at 9:16 PM, Douglas E Engert <deengert at gmail.com <mailto:deengert at gmail.com>> wrote: > > OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing > > a shim for OpenSSL-1.1, the OpenSC code has been converted to > > the OpenSSL-1.1 API and a sc-ossl-compat.h" file co...

...ach of the 4 vms, a?KRB5CCNAME=FILE:/bla environment variable is set; which will be /tmp or /home, depending on the vm. Someone requested a trace, so ill post that tomorrow, hopefully it will be helpful. Appreciate very much you all?s input! Best, Dave On Jun 11, 2024 at 2:00?PM -0400, Douglas E Engert <deengert at gmail.com>, wrote: > > > On 6/6/2024 8:26 AM, Dave Macias wrote: > > *I wanted to see if I could make the cache file user-specific, instead of > > the default location (/tmp/krb5cc-blabla).* > SSH is creating a separate ticket cache file for each login ses...

...means the cache is destroyed upon a shutdown/restart. /tmp is also a local file system. /home may be on a network disk which has other issues. > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev -- Douglas E. Engert <DEEngert at gmail.com>

I am trying to transition several HP/UX 11i (PA/RISC) servers from ssh.com over to OpenSSH+GSSAPI (3.9p1) and it's complaining about the GSSAPI include files: -=- gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -I/usr/local/krb5/include -DSSHDIR=\"/usr/local/etc\"

...st to those who wish to use KerberosGetAFSToken (currently requires Heimdal libkafs) in combination with GSSAPIDelegateCredentials. The patch is in the public domain and comes with no warranty whatsoever. Applies to pristine 3.8p1. Works for me on Solaris and Tru64. I'd probably have used Doug Engert's patch from 2004-01-30 if Heimdal's afslog command supported -setpag; although to be honest I don't really like the idea of children being able to change their parent's PAG. * modified files ./auth-krb5.c ./auth.h ./session.c * file diffs --- orig/auth-krb5.c +++ mo...

[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard

On Jan 17, 2017, at 9:57 AM, Douglas E Engert <deengert at gmail.com> wrote: > On 1/16/2017 2:09 PM, Ron Frederick wrote: >> I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy b...

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

...loget >> >> (*) that does not mean openssl is not great. >> _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev at mindrot.org >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > -- Douglas E. Engert <DEEngert at gmail.com>

Is there a way to run sshd on a windows 2000 server and have ssh clients authenticate to it using domain level authentication? Mike

I'm really scratching my head on this one. The server is running OpenSSH 5.1p1 on Solaris 9. The authentication is via PAM if that matters. # grep X11 sshd_config | sed '/^#/D' X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes # Now I attach to my 'master' sshd and follow all children to look for any evidence of "DISPLAY": # truss -f -a -e -p 14923

I took Markus Friedl's advice and set up a KbdintDevice for Kerberos password authentication/expiry. It took me a bit to wrap my head around privsep, but I think it's working properly (code stolen shamelessly from FBSD's PAM implementation :->). The hardest part was working out how to get the interaction between krb5_get_init_creds_password() (along with the prompter) to work