similar to: SSH2 GSSAPI/KerberosV.

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #5 from simon at sxw.org.uk 2006-08-19 08:28 ------- There isn't an easy fix for this, at

http://bugzilla.mindrot.org/show_bug.cgi?id=928 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #2 from simon at sxw.org.uk 2006-08-19 08:31 ------- I'd rather see us move towards just using

After reading some more from the archives, a private email, and some general research, I see that KerbV support has been dropped in favor of GSSAPI. Which is fine, and wonderful, I support GSSAPI. But, erm, the announcement says, "This release contains some GSSAPI user authentication support to replace legacy KerberosV authentication support. At present this code is still considered

An updated version of my GSSAPI patches for OpenSSH 2.9p1 is finally available from http://www.sxw.org.uk/computing/patches/openssh.html These patches fix a bug with the hash calculation which will break interoperation with earlier versions - sorry! This release supports both Kerberos and GSI (thanks to Von Welch for the GSI support) mechanisms, and the code in it has now been widely tested

http://bugzilla.mindrot.org/show_bug.cgi?id=1218 Summary: GSSAPI client code permits SPNEGO usage Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket at mindrot.org ReportedBy:

Just a quick heads up to warn those of you using my gss-keyex patches that there's a small buglet in them which will affect interoperability. I'm building the hash incorrectly (by including a zero length string where there shouldn't be one). This will mean that when trying to interoperate with other implementations (if there are any :-) you'll get a message about the MIC not

As much as I hate to raise the question of another large contributed patch, given recent traffic, what are the chances of my patch for GSSAPI authentication making it into the tree? Its now been widely reviewed, and seems to be seeing a fair bit of use. There is support for multiple GSSAPI mechanisms. I'm happy to adapt the patch as necessary to get it included - either against the

[ If you're not familiar with the GSSAPI key exchange patches, or unsure why they make OpenSSH usable in large Kerberos deployments, http://www.sxw.org.uk/computing/patches/openssh.html contains some background information ] Regular readers of these emails will be aware that they've recently all begun with apologies for the delay in producing the patch - this has been down to a poor tool

Hi, Just wondering if anyone was looking at implementing draft-ietf-secsh-gsskeyex-00 in OpenSSH? My patches for SSH version 1 Kerberos 5 support (heavily based upon work done by Dan Kouril) are now available from http://www.sxw.org.uk/computing/patches/ Is there any interest in integrating these into the distribution? If so, I'd be happy to update them to the development version. Cheers,

Hi, I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at: http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and the MIT Krb5 package from ports intstalled). I patched the src tree, reconfigured, recompiled, installed, and it works - except for Krb5 passwords or Krb5 tickets. And I really

Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into the OpenSSH source? http://www.sxw.org.uk/computing/patches/openssh.html I'm sure I'm not the only one that uses it and would like to see it become part of the OpenSSH source. Is there something missing or is there some technical/philosophical reason for not including it?

I'm please to announce that patches for GSSAPI support in 3.6.1p2 are now available from http://www.sxw.org.uk/computing/patches/openssh.html These bring the patch set up to conditional compliance with version 6 of the GSSAPI draft, and fix a couple of long standing encoding bugs pointed out by other implementors. Cheers, Simon. -------------- next part -------------- A non-text attachment

http://bugzilla.mindrot.org/show_bug.cgi?id=1220 Summary: Fix error messages for multiple mechanism GSSAPI libraries Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=1225 Summary: Tidy up GSSAPI code Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket at mindrot.org ReportedBy: simon at sxw.org.uk

http://bugzilla.mindrot.org/show_bug.cgi?id=1242 Summary: GSSAPI Keyexchange support Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket at mindrot.org ReportedBy: simon at

An updated version of my patch for Kerberos v5 support is now available from http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch This patch includes updated Kerberos v5 support for protocol version 1, and also adds GSSAPI support for protocol version 2. Unlike the Kerberos v5 code (which will still not interoperate with ssh.com clients and servers), the GSSAPI support is based on

I've now completed updating my patches for GSSAPI in protocol v2 to OpenSSH 3.1p1 See http://www.sxw.org.uk/computing/patches/openssh.html As previously, you will need to apply the protocol v1 krb5 patch before the GSSAPI one, and run autoreconf from an autoconf later than 2.52 There are a number of improvements and minor bug fixes over previous patches. However, due to protocol changes this

Hello, Kevin Way wrote: > I'm curious if there are technical (or other) reasons that prevent > FreeBSD from adding RFC 4462 (GSSAPI Key Exchange) support to sshd. > The MIT Kerberos team first requested this four years ago, and > implementation patches have been available for years at: > http://www.sxw.org.uk/computing/patches/openssh.html > > The author of those

Hi, I'm pleased to be able to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.4p1. This patch adds RFC4462 compatibility to OpenSSH, along with adding additional GSSAPI support that is yet to make it into the main tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. This can be enabled through the

The latest version of my patches providing GSSAPI support for OpenSSH is available from http://www.sxw.org.uk/computing/patches/openssh.html These patches provide support for authentication mechanisms such as Kerberos and GSI with version 2 of the SSH protocol. They are conditionally compliant with draft-ietf-secsh-gsskeyex-03.txt, with the optional error message passing and host key validation