search for: rfc4462

...ys is an additional, unneccessary, burden. GSSAPI key exchange allows the use of security mechanisms such as Kerberos to authenticate the server to the user, removing the need for trusted ssh host keys, and allowing the use of a single security architecture. This patch adds support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with adding some additional features to the GSSAPI code that is already in the tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type...

Hi, I'm pleased to be able to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.4p1. This patch adds RFC4462 compatibility to OpenSSH, along with adding additional GSSAPI support that is yet to make it into the main tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. This can be enabled through the GSSAPIKeyExchange option on bot...

Hi, I'm pleased to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.6p1. This patch adds support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with some minor fixes for the GSSAPI code that is already in the tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type (#1242) *)...

...itional, unnecessary, key management burden. GSSAPI key exchange allows the use of security mechanisms such as Kerberos to authenticate the server to the user, removing the need for trusted ssh host keys, and allowing the use of a single security architecture. This patch adds support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with adding some additional, generic, GSSAPI features. It implements *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type (#1242) *) Support for CCAPI credentials ca...

...nal, unnecessary, key management burden. GSSAPI key exchange allows the use of security mechanisms such as Kerberos to authenticate the server to the user, removing the need for trusted ssh host keys, and allowing the use of a single security architecture. How? ---- This patch adds support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with adding some additional, generic, GSSAPI features. It implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type (#1242) *) Support for CCAPI credentials caches...

...itional, unnecessary, key management burden. GSSAPI key exchange allows the use of security mechanisms such as Kerberos to authenticate the server to the user, removing the need for trusted ssh host keys, and allowing the use of a single security architecture. This patch adds support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with adding some additional, generic, GSSAPI features. It implements *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *) Support for the null host key type (#1242) *) Support for CCAPI credenti...

...Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket at mindrot.org ReportedBy: simon at sxw.org.uk RFC4462 states that "mechanisms conforming to this document MUST NOT use SPNEGO as the underlying GSS-API mechanism". Unfortunately, the check in the GSSAPI client code has disappeared somewhere in the midsts of time. The attached patch reinstates this check, as well as tidying up the mechanism...

Dear all, (apologoies - this has nothing to do with 4.7 being out, but is rather a long-standing issue that regularly bites us). Is there anything I could do to further the case of https://bugzilla.mindrot.org/show_bug.cgi?id=1008 As a summary, GSSAPI auth against machine in a DNS load-balanced server farm fails. SSH-1 Kerberos works. DNS load-balanced farm: Individual machines in the farm