similar to: Kerberos in OpenSsh 2.9.9p2

Hi, Just wondering if anyone was looking at implementing draft-ietf-secsh-gsskeyex-00 in OpenSSH? My patches for SSH version 1 Kerberos 5 support (heavily based upon work done by Dan Kouril) are now available from http://www.sxw.org.uk/computing/patches/ Is there any interest in integrating these into the distribution? If so, I'd be happy to update them to the development version. Cheers,

Portable OpenSSH 2.9p2 has just been uploaded and shall be making its way to the mirrors listed at http://www.openssh.com/portable.html shortly. This release fixes the "cookies" file deletion problem reported on BUGTRAQ as well as a few other minor (non-security) bugs. No new features have been added in this release. Regards, Damien Miller -- | Damien Miller <djm at

Portable OpenSSH 2.9p2 has just been uploaded and shall be making its way to the mirrors listed at http://www.openssh.com/portable.html shortly. This release fixes the "cookies" file deletion problem reported on BUGTRAQ as well as a few other minor (non-security) bugs. No new features have been added in this release. Regards, Damien Miller -- | Damien Miller <djm at

https://bugzilla.mindrot.org/show_bug.cgi?id=1276 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #1233| |ok+ Flag| |

https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at

http://bugzilla.mindrot.org/show_bug.cgi?id=1312 Summary: Add short command-line option -K for activating GSSAPIDelegateCredentials Product: Portable OpenSSH Version: 4.4p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Kerberos support

https://bugzilla.mindrot.org/show_bug.cgi?id=928 --- Comment #9 from Darren Tucker <dtucker at zip.com.au> 2010-01-11 17:11:06 EST --- Created an attachment (id=1775) --> (https://bugzilla.mindrot.org/attachment.cgi?id=1775) sshd-gssapi-multihomed.patch I updated patch #1182 to OpenBSD current and fixed a few minor whitespace things. I also removed this warning from the man page:

Hi, I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at: http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and the MIT Krb5 package from ports intstalled). I patched the src tree, reconfigured, recompiled, installed, and it works - except for Krb5 passwords or Krb5 tickets. And I really

Is there a ./configure argument to turn off gssapi authentication for openssh-2.5.2p2? Best Herman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010713/fd511d47/attachment.html

i've compiled openssh with the gssapi patches on a solaris 8 system using sun's SEAM. gssapi isn't initializing properly it seems. debug2: input_userauth_request: try method gssapi debug1: Mechanism negotiation is not supported Failed gssapi for xxxx from xxxx port 33555 ssh2 sun's kerberized tools are working fine. any help would be appreciated. -- http://chemlab.org -

Now that RFC 4462 has been published, I was wondering if there would be any interest in looking again at integrating the key exchange portions of my GSSAPI patch into the OpenSSH tree? As I've mentioned before, key exchange has significant benefits for large sites as it allows them to use Kerberos to authenticate ssh hosts, and removes the need to maintain and distribute ssh known_hosts

The openssh-3.0 announcement said: (...) 3) improved Kerberos support in protocol v1 (KerbIV and KerbV) (...) This seems to imply at least some krb5 support, but there is nothing new in ./configure --help about it. Grepping the source, I see many references to #ifdef KRB5. Trying to enable it manually (a #define in config.h) gives errors about a missing krb5_auth_con_setaddrs_from_fd, which I

I'm please to announce that patches for GSSAPI support in 3.6.1p2 are now available from http://www.sxw.org.uk/computing/patches/openssh.html These bring the patch set up to conditional compliance with version 6 of the GSSAPI draft, and fix a couple of long standing encoding bugs pointed out by other implementors. Cheers, Simon. -------------- next part -------------- A non-text attachment

Hello, I have a little question and this regarding the compilation of the latest release of OpenSSH on a Linux Slackware version 8 box. We are currently using Kerberos 5 for user authentification and I saw that in SSH there is only an option to configure called: --with-kerberos4, so my question is: what do I need to do to get Kerberos 5 support into OpenSSH ? I am using the MIT kerberos version

An updated version of my patch for Kerberos v5 support is now available from http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch This patch includes updated Kerberos v5 support for protocol version 1, and also adds GSSAPI support for protocol version 2. Unlike the Kerberos v5 code (which will still not interoperate with ssh.com clients and servers), the GSSAPI support is based on

https://bugzilla.mindrot.org/show_bug.cgi?id=1583 Summary: User principal name in AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=616 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org, | |simon at sxw.org.uk --- Comment #2 from

I've now completed updating my patches for GSSAPI in protocol v2 to OpenSSH 3.1p1 See http://www.sxw.org.uk/computing/patches/openssh.html As previously, you will need to apply the protocol v1 krb5 patch before the GSSAPI one, and run autoreconf from an autoconf later than 2.52 There are a number of improvements and minor bug fixes over previous patches. However, due to protocol changes this

Are there any patches to enable Krb5 for OpenSSH? I'm trying to get a proof of concept done so I can eventually roll Krb5 and OpenSSH out as our primary AA infrastructure and I'm having a hard time of it. Can someone point me to info to help? -- Austin Gonyou Systems Architect Coremetrics, Inc. Phone: 512-796-9023 email: austin at coremetrics.com

Is there any work going into placing keys in a central directory such as LDAP ? Jeff McElroy jmcelroy at dtgnet.com