search for: kouril

resending to the whole mailing list .. ----- Forwarded message from kouril ----- Date: Wed, 26 Jun 2002 11:50:14 +0200 To: Damien Miller <djm at mindrot.org> Subject: Re: [Fwd: Kerberos buglet in OpenSSH-3.3p1] User-Agent: Mutt/1.2.5i In-Reply-To: <1025084114.12959.0.camel at mothra.mindrot.org>; from djm at mindrot.org on Wed, Jun 26, 2002 at 07:35:14PM +100...

...see if the patch would work with MIT or MIT-derived K5 libraries. -- Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National Lab See http://home.lanl.gov/mfisk/ for contact information ---------- Forwarded message ---------- Date: Thu, 3 Feb 2000 15:33:34 +0100 (MET) From: Daniel Kouril <kouril at informatics.muni.cz> Subject: openssh To: heimdal-discuss at sics.se X-Sender: kouril at aisa I made a patch supporting heimdal. http://www.fi.muni.cz/~kouril/openssh-1.2.1pre24.patch

I note with interest that Kerberos support is now available (for the version 1 protocol, at least) in OpenSSH 2.9.9p2. However, it does not build with MIT Kerberos, due to the usual Heimdal/MIT library differences. These look, by and large, like the same problems I encountered when porting Dan Kouril's patch to MIT Kerberos - so I'm having a go at fixing them (my GSSAPI patches need to use the KRB5 define too :-) If I package these fixes up and submit them, is there any likelihood of them making it into the portable code (suitably #ifdef'd, of course)? Cheers, Simon. -- Simon...

What is the target version for all the KRB5 bits to be in place. I know there is very much in place right now, but I remember someone mentioning there was just a GSSAPI/MITKRB5 patch being waited for. TIA. -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "One ought never to turn one's back on a threatened danger and try

Hi, Just wondering if anyone was looking at implementing draft-ietf-secsh-gsskeyex-00 in OpenSSH? My patches for SSH version 1 Kerberos 5 support (heavily based upon work done by Dan Kouril) are now available from http://www.sxw.org.uk/computing/patches/ Is there any interest in integrating these into the distribution? If so, I'd be happy to update them to the development version. Cheers, Simon

...r KRB4 ticket passing between #ifdef AFS && KRB4 (instead of only AFS as in the current code). The patch is created against OpenSSH 3.0.2p1, tested with Heimdal implementation of Kerberos V5. Would it be possible to add the patch to the standard distribution? with best regards -- Daniel Kouril -------------- next part -------------- --- Makefile.in 2002/01/23 10:09:09 1.1 +++ Makefile.in 2002/01/23 10:10:50 @@ -50,7 +50,7 @@ SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o -SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o aut...

Portable OpenSSH 2.9p2 has just been uploaded and shall be making its way to the mirrors listed at http://www.openssh.com/portable.html shortly. This release fixes the "cookies" file deletion problem reported on BUGTRAQ as well as a few other minor (non-security) bugs. No new features have been added in this release. Regards, Damien Miller -- | Damien Miller <djm at

...s being integrated into the openssh distribution. Are there currently any plans for this to happen and if so, what's the expected time frame? Ben. Simon Wilkinson <sxw at dcs.ed.ac.uk> wrote: > My patches for SSH version 1 Kerberos 5 support (heavily based upon > work done by Dan Kouril) are now available from > http://www.sxw.org.uk/computing/patches/ Is there any interest in > integrating these into the distribution? If so, I'd be happy to update > them to the development version. --------------- Ben McConaghy Systems Programmer Information Technology Services Wat...

...sorry! This release supports both Kerberos and GSI (thanks to Von Welch for the GSI support) mechanisms, and the code in it has now been widely tested and reviewed. I'd like it to be considered for inclusion in the OpenSSH codebase. Thanks to Chris Chiappa, Bill Fithen, John Kilburg, Daniel Kouril, Dan Russell and Von Welch for their suggestions and patches. -- Simon Wilkinson <simon at sxw.org.uk> http://www.sxw.org.uk "Beware of bugs in the above code: I have only proved it correct, not tried it." - Donald Knuth

Portable OpenSSH 2.9p2 has just been uploaded and shall be making its way to the mirrors listed at http://www.openssh.com/portable.html shortly. This release fixes the "cookies" file deletion problem reported on BUGTRAQ as well as a few other minor (non-security) bugs. No new features have been added in this release. Regards, Damien Miller -- | Damien Miller <djm at

Hello all, I'm not able to get Kerberos5 authenticarion work together with PrivSep. According to strace, it seems that the kerberos authentication stage is performed by the user process in chrooted enviroment. The problem is that Kerberos authentication must be done by root. Is anybody working on a fix? (or am I missing something in configuration?) Thanks for any advice. -- Dan

...ication failed Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: kouril at ics.muni.cz The client should forward krb5 ticket to the server only if krb5 authentication was done. Otherwise the krb5 session keys are not set properly and creating of the credentials to delegate fails. Likewise, the server should accept delegation of krb5 ticket only if the client has aut...

...ication failed Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: kouril at ics.muni.cz The client should forward krb5 ticket to the server only if krb5 authentication was done. Otherwise the krb5 session keys are not set properly and creating of the credentials to delegate fails. Likewise, the server should accept delegation of krb5 ticket only if the client has aut...

http://bugzilla.mindrot.org/show_bug.cgi?id=456 ------- Additional Comments From kouril at ics.muni.cz 2002-12-13 20:34 ------- Created an attachment (id=185) --> (http://bugzilla.mindrot.org/attachment.cgi?id=185&action=view) Don't delegate/accept delegated ticket if krb5 authentication hasn't been done ------- You are receiving this mail because: ------- You are...

Are there any patches to enable Krb5 for OpenSSH? I'm trying to get a proof of concept done so I can eventually roll Krb5 and OpenSSH out as our primary AA infrastructure and I'm having a hard time of it. Can someone point me to info to help? -- Austin Gonyou Systems Architect Coremetrics, Inc. Phone: 512-796-9023 email: austin at coremetrics.com