similar to: gss userauth (fwd)

I've now completed updating my patches for GSSAPI in protocol v2 to OpenSSH 3.1p1 See http://www.sxw.org.uk/computing/patches/openssh.html As previously, you will need to apply the protocol v1 krb5 patch before the GSSAPI one, and run autoreconf from an autoconf later than 2.52 There are a number of improvements and minor bug fixes over previous patches. However, due to protocol changes this

Dear Sir and Madam: I'm writing to you on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. We recently noticed that the OpenSSH developers had added support for the kerberos-2 at ssh.com user authentication mechanism. We are delighted but we believe additional steps are necessary, as explained

An updated version of my patch for Kerberos v5 support is now available from http://www.sxw.org.uk/computing/patches/openssh-2.5.2p1-krb5.patch This patch includes updated Kerberos v5 support for protocol version 1, and also adds GSSAPI support for protocol version 2. Unlike the Kerberos v5 code (which will still not interoperate with ssh.com clients and servers), the GSSAPI support is based on

I took Markus Friedl's advice and set up a KbdintDevice for Kerberos password authentication/expiry. It took me a bit to wrap my head around privsep, but I think it's working properly (code stolen shamelessly from FBSD's PAM implementation :->). The hardest part was working out how to get the interaction between krb5_get_init_creds_password() (along with the prompter) to work

Hi, i notice in draft-ietf-secsh-gsskeyex-06.txt that the value for SSH_MSG_USERAUTH_GSSAPI_ERRTOK is not defined. does anyone know what this should be (i guess *will* be in a future rev)? thanks glen

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

(I hope this message is appropriate for these lists. If not, please tell me and I won't do it again.) Hi All. There will be a new release of OpenSSH in a couple of weeks. This release contains Kerberos and GSSAPI related changes that we would like to get some feedback about (and hopefully address any issues with) before the release. I encourage anyone with an interest in

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm pleased to (finally) announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for doing GSSAPI user authentication, this only allows the underlying security mechanism to authenticate the user to the server, and continues to use SSH host keys to authenticate the server to the

https://bugzilla.mindrot.org/show_bug.cgi?id=3590 Bug ID: 3590 Summary: Why is the service name in the USERAUTH REQUEST message "ssh-connect" instead of "ssh-userauth"? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: trivial

Versions: openssh-3.8p1-33, heimdal-0.6.1rc3-51, XFree86-4.3.99.902-40, tk-8.4.6-37, all from SuSE 9.1 (unhacked); back-version peers have openssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2. Symptoms: 1. When the client and server versions are unequal, the Kerberos ticket is not accepted for authentication. All the clients have PreferredAuthentications gssapi-with-mic, gssapi, others. 2.

Dear Open SSH and TCP Wrappers Colleagues, We are trying to use open ssh 3.1p1 on SPARC platforms under Solaris 2.8 using gcc 2.95.2, in conjunction with tcp wrappers 7.6 (IPv6 version). The wrapping of open ssh is not too well documented but I think we have figured most of this out (hearty thanks to Wietse Venema, Jim Mintha & Niels Provos for their helpful email exchanges) -- but have one

Hi, I understand that Simon may be discontinuing his OpenSSH work. Does anyone know if someone plans to maintain the patch? Thank you, -- ******************************************************* Quellyn L. Snead UNIX Effort Team ( unixeffort at lanl.gov ) CCN-2 Enterprise Software Management Team Los Alamos National Laboratory (505) 667-4185 Schedule B

Hi All. Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh. There are patches. The first [1] is a straightforward port of the OpenBSD code to Portable. The second [2] contains the parts I've stolen from Simon Wilkinson's portable GSSAPI patch in an attempt to make it build. It is incomplete and doesn't currently work. The PAM support is not there and

Hi, My name is Stefan Mangard and I plan to implement an extension to ssh as a final project in a cryptography class. Since I want to use an open source of ssh, I decided to use the openssh implementation. I am currently working with openssh-1.2.3, but I'd also like to implement my extension for protocol 2, I wanted to ask you how far the development of the implementation of openssh-2 is.

Hi All, >From Changelog with 3.8: "The experimental "gssapi" support has been replaced with the "gssapi-with-mic" to fix possible MITM attacks.The two versions are not compatible." I am using OpenSSH-3.6 with Simon's patch and OpenSSH-3.7 built with GSSAPI support. The latest version OpenSSH-3.8 is not working with 3.6 or 3.7 with GSSAPI authentication. I

Just to bring everyone up to date, could we get a report on the status of support for the 2.x protocol? The home page says "next major release" - is that 1.3 or 2.0? And is there any feel for when it'll be generally available? -- John Hardin Internal Systems Administrator Apropos Retail Management Systems, Inc. <johnh at aproposretail.com>

http://bugzilla.mindrot.org/show_bug.cgi?id=866 Summary: ssh(1) is too picky about unknown options in ~/.ssh/config Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at

I seem to be having the same issue as https://lists.samba.org/archive/samba/2012-December/170426.html. I don't see that he ever reached a solution. Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS failure. Minor code may provide more information\nNo key table entry found matching host/appdb01-qa.mediture.dom@\n Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1:

On 16 Apr 2015 14:29, "Johnny Hughes" <johnny at centos.org> wrote: > > On 04/16/2015 06:33 AM, Mike wrote: > > Hi Johnny, > > > > Thank you for your response. I thought to choose the sernet package > > because of the following stated in Samba Readme: > > > > Samba packages shipped in some distributions like e. g. Fedora, RHEL may >