Displaying 20 results from an estimated 8000 matches similar to: "GSSAPI patches for OpenSSH 3.4p1 now available"
2001 Mar 20
1
Kerberos v5 and GSSAPI support in OpenSSH
An updated version of my patch for Kerberos v5 support is now available
from
http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch
This patch includes updated Kerberos v5 support for protocol version 1,
and also adds GSSAPI support for protocol version 2.
Unlike the Kerberos v5 code (which will still not interoperate with
ssh.com clients and servers), the GSSAPI support is based on
2002 May 27
0
GSSAPI patches for OpenSSH 3.2.3p1
The latest version of my patches providing GSSAPI support for OpenSSH
is available from http://www.sxw.org.uk/computing/patches/openssh.html
These patches provide support for authentication mechanisms such as
Kerberos and GSI with version 2 of the SSH protocol. They are
conditionally compliant with draft-ietf-secsh-gsskeyex-03.txt, with
the optional error message passing and host key validation
2002 Mar 21
1
GSSAPI/Kerberos support in OpenSSH 3.1p1
I've now completed updating my patches for GSSAPI in protocol v2 to
OpenSSH 3.1p1
See http://www.sxw.org.uk/computing/patches/openssh.html
As previously, you will need to apply the protocol v1 krb5 patch
before the GSSAPI one, and run autoreconf from an autoconf later
than 2.52
There are a number of improvements and minor bug fixes over previous
patches. However, due to protocol changes this
2001 Feb 14
1
Kerberos/GSSAPI support
Hi,
Just wondering if anyone was looking at implementing
draft-ietf-secsh-gsskeyex-00 in OpenSSH?
My patches for SSH version 1 Kerberos 5 support (heavily based upon
work done by Dan Kouril) are now available from
http://www.sxw.org.uk/computing/patches/
Is there any interest in integrating these into the distribution? If so, I'd
be happy to update them to the development version.
Cheers,
2003 Jun 27
3
Kerberos Support in OpenSSH
Dear Sir and Madam:
I'm writing to you on behalf of the MIT Kerberos team and several
other parties interested in the availability of Kerberos
authentication for the SSH protocol.
We recently noticed that the OpenSSH developers had added support for
the kerberos-2 at ssh.com user authentication mechanism. We are
delighted but we believe additional steps are necessary, as explained
2004 May 23
5
OpenSSH v3.8p1 fails to interoperate for GSSAPI (Kerberos) and X-Windows
Versions: openssh-3.8p1-33, heimdal-0.6.1rc3-51, XFree86-4.3.99.902-40,
tk-8.4.6-37, all from SuSE 9.1 (unhacked); back-version peers have
openssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2.
Symptoms:
1. When the client and server versions are unequal, the Kerberos ticket
is not accepted for authentication. All the clients have
PreferredAuthentications gssapi-with-mic, gssapi, others.
2.
2001 May 18
0
OpenSSH GSSAPI patches
An updated version of my GSSAPI patches for OpenSSH 2.9p1 is finally
available from
http://www.sxw.org.uk/computing/patches/openssh.html
These patches fix a bug with the hash calculation which will break
interoperation with earlier versions - sorry!
This release supports both Kerberos and GSI (thanks to Von Welch for the GSI
support) mechanisms, and the code in it has now been widely tested
2005 Oct 10
0
[Bug 1100] GSSAPI-with-mic doesn't handle empty usernames
http://bugzilla.mindrot.org/show_bug.cgi?id=1100
Summary: GSSAPI-with-mic doesn't handle empty usernames
Product: Portable OpenSSH
Version: 4.2p1
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy:
2009 May 23
7
[Bug 1601] New: Memory leak caused by forwarded GSSAPI credential store
https://bugzilla.mindrot.org/show_bug.cgi?id=1601
Summary: Memory leak caused by forwarded GSSAPI credential
store
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at
2001 May 10
0
Buglet in my GSSAPI patches
Just a quick heads up to warn those of you using my gss-keyex patches that
there's a small buglet in them which will affect interoperability. I'm
building the hash incorrectly (by including a zero length string where there
shouldn't be one). This will mean that when trying to interoperate with other
implementations (if there are any :-) you'll get a message about the MIC not
2001 May 21
1
Problems with Krb5/GSSAPI patches in FBSD 4.3
Hi,
I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at:
http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch
On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and
the MIT Krb5 package from ports intstalled). I patched the src tree,
reconfigured, recompiled, installed, and it works - except for Krb5
passwords or Krb5 tickets. And I really
2002 Jul 09
0
Openssh 3.4p1 and Krb5
Hi All,
I am running openssh with kerberos 5 protocol 2 on several different unix platforms courtesy of Simon's patch at www.sxw.org.uk (Thanks again Simon et all!) Openssh 3.2 and earlier had compiled and run successfully for me on all platforms, but I have had limited success with 3.4. It compiles and runs flawlessly on redhat 7.1, 7.2 and 7.3. But on Solaris 8 and Irix 6.5.15, it will
2003 May 01
1
GSSAPI patches
I'm please to announce that patches for GSSAPI support in 3.6.1p2 are
now available from
http://www.sxw.org.uk/computing/patches/openssh.html
These bring the patch set up to conditional compliance with version 6
of the GSSAPI draft, and fix a couple of long standing encoding bugs
pointed out by other implementors.
Cheers,
Simon.
-------------- next part --------------
A non-text attachment
2005 Sep 26
0
New GSSAPI Key Exchange patch for OpenSSH 4.2p1
Hi,
This is to announce the availability of a new version of my GSSAPI key
exchange patch for OpenSSH.
The code is available from
http://www.sxw.org.uk/computing/patches/openssh.html
Changes since the last release are:
*) Implement GSS group exchange
*) Disable DNS canonicalization of the hostname passed to the GSSAPI
library - an option is provided to allow this to be overriden on
2003 Sep 03
1
value for SSH_MSG_USERAUTH_GSSAPI_ERRTOK
Hi,
i notice in draft-ietf-secsh-gsskeyex-06.txt that the value for
SSH_MSG_USERAUTH_GSSAPI_ERRTOK is not defined. does anyone know what this
should be (i guess *will* be in a future rev)? thanks
glen
2001 Jun 04
0
GSSAPI patch
As much as I hate to raise the question of another large contributed patch,
given recent traffic, what are the chances of my patch for GSSAPI
authentication making it into the tree?
Its now been widely reviewed, and seems to be seeing a fair bit of use. There
is support for multiple GSSAPI mechanisms. I'm happy to adapt the patch as
necessary to get it included - either against the
2006 Aug 18
1
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
http://bugzilla.mindrot.org/show_bug.cgi?id=928
simon at sxw.org.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |simon at sxw.org.uk
------- Comment #2 from simon at sxw.org.uk 2006-08-19 08:31 -------
I'd rather see us move towards just using
2014 Apr 14
2
[Bug 2227] New: Support version 6
https://bugzilla.mindrot.org/show_bug.cgi?id=2227
Bug ID: 2227
Summary: Support version 6
Product: Portable OpenSSH
Version: 6.6p1
Hardware: 68k
OS: Mac OS X
Status: NEW
Severity: enhancement
Priority: P5
Component: sftp-server
Assignee: unassigned-bugs at mindrot.org
2004 Jan 22
11
Pending OpenSSH release: contains Kerberos/GSSAPI changes
(I hope this message is appropriate for these lists. If not, please
tell me and I won't do it again.)
Hi All.
There will be a new release of OpenSSH in a couple of weeks. This
release contains Kerberos and GSSAPI related changes that we would like
to get some feedback about (and hopefully address any issues with)
before the release.
I encourage anyone with an interest in
2003 May 01
2
Kerberos password auth/expiry kbdint patch
I took Markus Friedl's advice and set up a KbdintDevice for Kerberos
password authentication/expiry. It took me a bit to wrap my head
around privsep, but I think it's working properly (code stolen
shamelessly from FBSD's PAM implementation :->).
The hardest part was working out how to get the interaction
between krb5_get_init_creds_password() (along with the prompter)
to work