Displaying 20 results from an estimated 50000 matches similar to: "[Bug 488] Patch for kerberos in clusters"
2003 Feb 06
0
[Bug 488] New: Patch for kerberos in clusters
http://bugzilla.mindrot.org/show_bug.cgi?id=488
Summary: Patch for kerberos in clusters
Product: Portable OpenSSH
Version: 3.5p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: smoogen at
2003 Feb 06
0
[Bug 488] Patch for kerberos in clusters
http://bugzilla.mindrot.org/show_bug.cgi?id=488
------- Additional Comments From smoogen at lanl.gov 2003-02-07 09:44 -------
Created an attachment (id=224)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=224&action=view)
Patch for addressless kerberos tickets
2001 Sep 27
3
Kerberos in OpenSsh 2.9.9p2
I note with interest that Kerberos support is now available (for the version
1 protocol, at least) in OpenSSH 2.9.9p2. However, it does not build with MIT
Kerberos, due to the usual Heimdal/MIT library differences. These look, by
and large, like the same problems I encountered when porting Dan Kouril's
patch to MIT Kerberos - so I'm having a go at fixing them (my GSSAPI patches
need
2006 Aug 18
1
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
http://bugzilla.mindrot.org/show_bug.cgi?id=928
simon at sxw.org.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |simon at sxw.org.uk
------- Comment #2 from simon at sxw.org.uk 2006-08-19 08:31 -------
I'd rather see us move towards just using
2004 Sep 14
2
GSSAPI, Kerberos and multihomed hosts
(was: "Re: Pending OpenSSH release, call for testing", topic drift at
its finest :-)
Markus Moeller wrote:
> Douglas,
>
> OK three possible settings(hostname,connection IP,GSS_C_NO_NAME) are fine for me too.
Does GSS_C_NO_NAME relate to this bug (addressless tickets)?
http://bugzilla.mindrot.org/show_bug.cgi?id=488
BTW, I opened a bug the the multihomed thing a couple of
2001 Nov 13
1
Kerberos / PAM bug in OpenSSH CVS
In do_authloop() in auth1.c(), the Kerberos 4 and 5 code both allocate, then
xfree() the client_user string. The call to do_pam_account() later in the
function then tries to use this string, resulting in a corrupt remote user.
Finally, before exiting, the function frees client_user again, resulting in a
double free and much mess.
Patch attached.
Cheers,
Simon.
--
Simon Wilkinson
2001 Nov 05
0
[PATCH] Kerberos v5 support for protocol v1
The following patch
*) Adds a configure option to turn on the existing Kerberos v5 support in
the portable version
*) Extends the code to support MIT Kerberos in addition to Heimdal
The patch is against the current CVS tree. I've tested it against MIT Keberos
1.2.2, I'd appreciate it if someone could confirm that Heimdal works with the
portable configuration stuff.
Coming RSN -
2001 Nov 13
0
Kerberos support for portable
The attached patch adds support for Heimdal and MIT Kerberos in protocol v1
in the portable code. The Heimdal side of things just enables the code that's
present in OpenBSD's 3.0 release, the MIT specific code adds compatibility
for those areas in which the Heimdal API differs. This adds a new
configuration option --with-kerberos5=<path>, which will detect which version
of the
2001 Mar 20
1
Kerberos v5 and GSSAPI support in OpenSSH
An updated version of my patch for Kerberos v5 support is now available
from
http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch
This patch includes updated Kerberos v5 support for protocol version 1,
and also adds GSSAPI support for protocol version 2.
Unlike the Kerberos v5 code (which will still not interoperate with
ssh.com clients and servers), the GSSAPI support is based on
2002 Mar 21
1
GSSAPI/Kerberos support in OpenSSH 3.1p1
I've now completed updating my patches for GSSAPI in protocol v2 to
OpenSSH 3.1p1
See http://www.sxw.org.uk/computing/patches/openssh.html
As previously, you will need to apply the protocol v1 krb5 patch
before the GSSAPI one, and run autoreconf from an autoconf later
than 2.52
There are a number of improvements and minor bug fixes over previous
patches. However, due to protocol changes this
2001 May 17
0
kerberos 5 support
Hi
I'd also like to express interest in Simon's kerb 5 patches being
integrated into the openssh distribution. Are there currently any
plans for this to happen and if so, what's the expected time frame?
Ben.
Simon Wilkinson <sxw at dcs.ed.ac.uk> wrote:
> My patches for SSH version 1 Kerberos 5 support (heavily based upon
> work done by Dan Kouril) are now available from
2006 Aug 18
2
[Bug 1008] GSSAPI authentication failes with Round Robin DNS hosts
http://bugzilla.mindrot.org/show_bug.cgi?id=1008
simon at sxw.org.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |simon at sxw.org.uk
------- Comment #5 from simon at sxw.org.uk 2006-08-19 08:28 -------
There isn't an easy fix for this, at
2001 Feb 14
1
Kerberos/GSSAPI support
Hi,
Just wondering if anyone was looking at implementing
draft-ietf-secsh-gsskeyex-00 in OpenSSH?
My patches for SSH version 1 Kerberos 5 support (heavily based upon
work done by Dan Kouril) are now available from
http://www.sxw.org.uk/computing/patches/
Is there any interest in integrating these into the distribution? If so, I'd
be happy to update them to the development version.
Cheers,
2003 May 16
0
[Bug 488] Patch for kerberos in clusters
http://bugzilla.mindrot.org/show_bug.cgi?id=488
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|ssh |Kerberos support
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2006 Aug 17
5
[Bug 1218] GSSAPI client code permits SPNEGO usage
http://bugzilla.mindrot.org/show_bug.cgi?id=1218
Summary: GSSAPI client code permits SPNEGO usage
Product: Portable OpenSSH
Version: 4.3p2
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: bitbucket at mindrot.org
ReportedBy:
2005 Jul 06
0
[Bug 975] Kerberos authentication timing can leak information about account validity
http://bugzilla.mindrot.org/show_bug.cgi?id=975
------- Additional Comments From simon at sxw.org.uk 2005-07-07 01:14 -------
I can't see any problem with dtucker's second patch.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2003 May 20
2
[Bug 573] Don't include krb4 headers on a krb5 compile
http://bugzilla.mindrot.org/show_bug.cgi?id=573
Summary: Don't include krb4 headers on a krb5 compile
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: openssh-bugs at mindrot.org
2001 May 18
0
OpenSSH GSSAPI patches
An updated version of my GSSAPI patches for OpenSSH 2.9p1 is finally
available from
http://www.sxw.org.uk/computing/patches/openssh.html
These patches fix a bug with the hash calculation which will break
interoperation with earlier versions - sorry!
This release supports both Kerberos and GSI (thanks to Von Welch for the GSI
support) mechanisms, and the code in it has now been widely tested
2001 Feb 20
0
Updated patches for Kerberos v5 support
I've updated the Kerberos v5 support patches I'm maintaining to work with
OpenSSH 2.5.1p1. They're available for download from
http://www.sxw.org.uk/computing/patches/
In addition to the upgrade from 2.3.0p1 to 2.5.1p1, there's a minor bug
fix - KRB5CCNAME was being set to "" if ticket forwarding failed, which
confused some utilities.
Please note that these patches
2001 May 08
1
New kex organisation and user options.
I'm in the process of updating my GSSAPI patches to the 2.9 release. However,
I've run into a slight problem with managing to get user options to play
nicely with the way that the kex code is now organised.
With the GSS kex its possible for the user to specify whether they want to
delegate their credentials to the server or not. This option is used only on
the client side (and so is