Displaying 20 results from an estimated 4000 matches similar to: "gss userauth (fwd)"
2002 Mar 21
1
GSSAPI/Kerberos support in OpenSSH 3.1p1
I've now completed updating my patches for GSSAPI in protocol v2 to
OpenSSH 3.1p1
See http://www.sxw.org.uk/computing/patches/openssh.html
As previously, you will need to apply the protocol v1 krb5 patch
before the GSSAPI one, and run autoreconf from an autoconf later
than 2.52
There are a number of improvements and minor bug fixes over previous
patches. However, due to protocol changes this
2003 Jun 27
3
Kerberos Support in OpenSSH
Dear Sir and Madam:
I'm writing to you on behalf of the MIT Kerberos team and several
other parties interested in the availability of Kerberos
authentication for the SSH protocol.
We recently noticed that the OpenSSH developers had added support for
the kerberos-2 at ssh.com user authentication mechanism. We are
delighted but we believe additional steps are necessary, as explained
2001 Mar 20
1
Kerberos v5 and GSSAPI support in OpenSSH
An updated version of my patch for Kerberos v5 support is now available
from
http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch
This patch includes updated Kerberos v5 support for protocol version 1,
and also adds GSSAPI support for protocol version 2.
Unlike the Kerberos v5 code (which will still not interoperate with
ssh.com clients and servers), the GSSAPI support is based on
2003 May 01
2
Kerberos password auth/expiry kbdint patch
I took Markus Friedl's advice and set up a KbdintDevice for Kerberos
password authentication/expiry. It took me a bit to wrap my head
around privsep, but I think it's working properly (code stolen
shamelessly from FBSD's PAM implementation :->).
The hardest part was working out how to get the interaction
between krb5_get_init_creds_password() (along with the prompter)
to work
2003 Sep 03
1
value for SSH_MSG_USERAUTH_GSSAPI_ERRTOK
Hi,
i notice in draft-ietf-secsh-gsskeyex-06.txt that the value for
SSH_MSG_USERAUTH_GSSAPI_ERRTOK is not defined. does anyone know what this
should be (i guess *will* be in a future rev)? thanks
glen
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2004 Jan 22
11
Pending OpenSSH release: contains Kerberos/GSSAPI changes
(I hope this message is appropriate for these lists. If not, please
tell me and I won't do it again.)
Hi All.
There will be a new release of OpenSSH in a couple of weeks. This
release contains Kerberos and GSSAPI related changes that we would like
to get some feedback about (and hopefully address any issues with)
before the release.
I encourage anyone with an interest in
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2007 Sep 27
4
GSSAPI Key Exchange Patch for OpenSSH 4.7p1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm pleased to (finally) announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for
doing GSSAPI user authentication, this only allows the underlying
security mechanism to authenticate the user to the server, and
continues to use SSH host keys to authenticate the server to the
2023 Jul 20
1
[Bug 3590] New: Why is the service name in the USERAUTH REQUEST message "ssh-connect" instead of "ssh-userauth"?
https://bugzilla.mindrot.org/show_bug.cgi?id=3590
Bug ID: 3590
Summary: Why is the service name in the USERAUTH REQUEST
message "ssh-connect" instead of "ssh-userauth"?
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: trivial
2004 May 23
5
OpenSSH v3.8p1 fails to interoperate for GSSAPI (Kerberos) and X-Windows
Versions: openssh-3.8p1-33, heimdal-0.6.1rc3-51, XFree86-4.3.99.902-40,
tk-8.4.6-37, all from SuSE 9.1 (unhacked); back-version peers have
openssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2.
Symptoms:
1. When the client and server versions are unequal, the Kerberos ticket
is not accepted for authentication. All the clients have
PreferredAuthentications gssapi-with-mic, gssapi, others.
2.
2002 May 01
4
Using openssh 3.1p1 on Solaris with tcp wrappers 7.6
Dear Open SSH and TCP Wrappers Colleagues,
We are trying to use open ssh 3.1p1 on SPARC platforms
under Solaris 2.8 using gcc 2.95.2, in conjunction with
tcp wrappers 7.6 (IPv6 version). The wrapping of open ssh
is not too well documented but I think we have figured
most of this out (hearty thanks to Wietse Venema, Jim
Mintha & Niels Provos for their helpful email exchanges) --
but have one
2003 Apr 07
2
Simon Wilkinson's GSS-API patch
Hi,
I understand that Simon may be discontinuing his OpenSSH work. Does
anyone know if someone plans to maintain the patch?
Thank you,
--
*******************************************************
Quellyn L. Snead
UNIX Effort Team ( unixeffort at lanl.gov )
CCN-2 Enterprise Software Management Team
Los Alamos National Laboratory
(505) 667-4185 Schedule B
2003 Aug 22
1
GSSAPI patch sync from OpenBSD to Portable
Hi All.
Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh.
There are patches. The first [1] is a straightforward port of the
OpenBSD code to Portable.
The second [2] contains the parts I've stolen from Simon Wilkinson's
portable GSSAPI patch in an attempt to make it build. It is incomplete
and doesn't currently work.
The PAM support is not there and
2000 Apr 06
1
status of openssh-2
Hi,
My name is Stefan Mangard and I plan to implement an extension to ssh as a
final project in a cryptography class.
Since I want to use an open source of ssh, I decided to use
the openssh implementation.
I am currently working with openssh-1.2.3, but I'd also like to implement
my extension for protocol 2, I wanted to ask you how far the development
of the implementation of openssh-2 is.
2004 Mar 01
1
GSSAPI support in 3.8 ?
Hi All,
>From Changelog with 3.8:
"The experimental "gssapi" support has been replaced with the
"gssapi-with-mic" to fix possible MITM attacks.The two versions are not
compatible."
I am using OpenSSH-3.6 with Simon's patch and OpenSSH-3.7 built with GSSAPI
support. The latest version OpenSSH-3.8 is not working with 3.6 or 3.7 with
GSSAPI authentication. I
2000 May 01
3
Status of SSH 2.0 protocol support?
Just to bring everyone up to date, could we get a report on the status
of support for the 2.x protocol? The home page says "next major release"
- is that 1.3 or 2.0? And is there any feel for when it'll be generally
available?
--
John Hardin
Internal Systems Administrator
Apropos Retail Management Systems, Inc.
<johnh at aproposretail.com>
2004 May 07
11
[Bug 866] ssh(1) is too picky about unknown options in ~/.ssh/config
http://bugzilla.mindrot.org/show_bug.cgi?id=866
Summary: ssh(1) is too picky about unknown options in
~/.ssh/config
Product: Portable OpenSSH
Version: 3.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at
2013 Nov 20
1
Samba4 and GSSAPI based authentication for OpenSSH
I seem to be having the same issue as
https://lists.samba.org/archive/samba/2012-December/170426.html. I
don't see that he ever reached a solution.
Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS
failure. Minor code may provide more information\nNo key table entry
found matching host/appdb01-qa.mediture.dom@\n
Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1:
2015 Apr 16
2
Install Bind with gss-spnego enabled
On 16 Apr 2015 14:29, "Johnny Hughes" <johnny at centos.org> wrote:
>
> On 04/16/2015 06:33 AM, Mike wrote:
> > Hi Johnny,
> >
> > Thank you for your response. I thought to choose the sernet package
> > because of the following stated in Samba Readme:
> >
> > Samba packages shipped in some distributions like e. g. Fedora, RHEL may
>