similar to: Updated patches for Kerberos v5 support

An updated version of my patch for Kerberos v5 support is now available from http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch This patch includes updated Kerberos v5 support for protocol version 1, and also adds GSSAPI support for protocol version 2. Unlike the Kerberos v5 code (which will still not interoperate with ssh.com clients and servers), the GSSAPI support is based on

The following patch *) Adds a configure option to turn on the existing Kerberos v5 support in the portable version *) Extends the code to support MIT Kerberos in addition to Heimdal The patch is against the current CVS tree. I've tested it against MIT Keberos 1.2.2, I'd appreciate it if someone could confirm that Heimdal works with the portable configuration stuff. Coming RSN -

Hi, This is just a quick note to let people know that I've _almost_ got Kerberos V5 working based on the patches posted to this list. I'm currently at the stage where Kerberos principals can be used to verify logins (ie Kerberos credentials are correctly passed), but I haven't (yet) got ticket forwarding to work - this is the next step! I've taken the original patches and updated

I note with interest that Kerberos support is now available (for the version 1 protocol, at least) in OpenSSH 2.9.9p2. However, it does not build with MIT Kerberos, due to the usual Heimdal/MIT library differences. These look, by and large, like the same problems I encountered when porting Dan Kouril's patch to MIT Kerberos - so I'm having a go at fixing them (my GSSAPI patches need

I've now completed updating my patches for GSSAPI in protocol v2 to OpenSSH 3.1p1 See http://www.sxw.org.uk/computing/patches/openssh.html As previously, you will need to apply the protocol v1 krb5 patch before the GSSAPI one, and run autoreconf from an autoconf later than 2.52 There are a number of improvements and minor bug fixes over previous patches. However, due to protocol changes this

Hello, I have a little question and this regarding the compilation of the latest release of OpenSSH on a Linux Slackware version 8 box. We are currently using Kerberos 5 for user authentification and I saw that in SSH there is only an option to configure called: --with-kerberos4, so my question is: what do I need to do to get Kerberos 5 support into OpenSSH ? I am using the MIT kerberos version

https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at

http://bugzilla.mindrot.org/show_bug.cgi?id=751 Summary: KRB5CCNAME set incorrectly in GSSAPI code Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org

An updated version of my GSSAPI patches for OpenSSH 2.9p1 is finally available from http://www.sxw.org.uk/computing/patches/openssh.html These patches fix a bug with the hash calculation which will break interoperation with earlier versions - sorry! This release supports both Kerberos and GSI (thanks to Von Welch for the GSI support) mechanisms, and the code in it has now been widely tested

In do_authloop() in auth1.c(), the Kerberos 4 and 5 code both allocate, then xfree() the client_user string. The call to do_pam_account() later in the function then tries to use this string, resulting in a corrupt remote user. Finally, before exiting, the function frees client_user again, resulting in a double free and much mess. Patch attached. Cheers, Simon. -- Simon Wilkinson

Hi, I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at: http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and the MIT Krb5 package from ports intstalled). I patched the src tree, reconfigured, recompiled, installed, and it works - except for Krb5 passwords or Krb5 tickets. And I really

I'm using a OpenSSH 3.0.2p1 with the krb5 patch from <http://www.sxw.org.uk/computing/patches/openssh.html>. I'm getting KRB5CCNAME set to "" even though <http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98269278629018&w=2> mentions fixing it. This causes things like kinit to fail with a somewhat uninformative error message. The relevant sshd_config lines

Dear Sir and Madam: I'm writing to you on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. We recently noticed that the OpenSSH developers had added support for the kerberos-2 at ssh.com user authentication mechanism. We are delighted but we believe additional steps are necessary, as explained

I'm please to announce that patches for GSSAPI support in 3.6.1p2 are now available from http://www.sxw.org.uk/computing/patches/openssh.html These bring the patch set up to conditional compliance with version 6 of the GSSAPI draft, and fix a couple of long standing encoding bugs pointed out by other implementors. Cheers, Simon. -------------- next part -------------- A non-text attachment

Hi I'd also like to express interest in Simon's kerb 5 patches being integrated into the openssh distribution. Are there currently any plans for this to happen and if so, what's the expected time frame? Ben. Simon Wilkinson <sxw at dcs.ed.ac.uk> wrote: > My patches for SSH version 1 Kerberos 5 support (heavily based upon > work done by Dan Kouril) are now available from

The attached patch adds support for Heimdal and MIT Kerberos in protocol v1 in the portable code. The Heimdal side of things just enables the code that's present in OpenBSD's 3.0 release, the MIT specific code adds compatibility for those areas in which the Heimdal API differs. This adds a new configuration option --with-kerberos5=<path>, which will detect which version of the

http://bugzilla.mindrot.org/show_bug.cgi?id=372 ------- Additional Comments From simon at sxw.org.uk 2003-05-21 00:45 ------- If this is reproducable, then its a bug somewhere. Could you confirm which Kerberos library and version you've seen this problem with? Are the credentials correctly created in /tmp, and KRB5CCNAME just isn't set right, or are the credentials not being

Hi, Just wondering if anyone was looking at implementing draft-ietf-secsh-gsskeyex-00 in OpenSSH? My patches for SSH version 1 Kerberos 5 support (heavily based upon work done by Dan Kouril) are now available from http://www.sxw.org.uk/computing/patches/ Is there any interest in integrating these into the distribution? If so, I'd be happy to update them to the development version. Cheers,

https://bugzilla.mindrot.org/show_bug.cgi?id=928 --- Comment #9 from Darren Tucker <dtucker at zip.com.au> 2010-01-11 17:11:06 EST --- Created an attachment (id=1775) --> (https://bugzilla.mindrot.org/attachment.cgi?id=1775) sshd-gssapi-multihomed.patch I updated patch #1182 to OpenBSD current and fixed a few minor whitespace things. I also removed this warning from the man page:

I'm in the process of updating my GSSAPI patches to the 2.9 release. However, I've run into a slight problem with managing to get user options to play nicely with the way that the kex code is now organised. With the GSS kex its possible for the user to specify whether they want to delegate their credentials to the server or not. This option is used only on the client side (and so is