Displaying 20 results from an estimated 800 matches similar to: "Pending OpenSSH release, call for testing."
2004 Sep 14
2
GSSAPI, Kerberos and multihomed hosts
(was: "Re: Pending OpenSSH release, call for testing", topic drift at
its finest :-)
Markus Moeller wrote:
> Douglas,
>
> OK three possible settings(hostname,connection IP,GSS_C_NO_NAME) are fine for me too.
Does GSS_C_NO_NAME relate to this bug (addressless tickets)?
http://bugzilla.mindrot.org/show_bug.cgi?id=488
BTW, I opened a bug the the multihomed thing a couple of
2015 Oct 08
3
[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
Thomas Calderon <calderon.thomas at gmail.com> writes:
> Hi,
>
> There is no need to add new mechanism identifiers to use specific curves.
>
> This can be done already using the CKM_ECDSA mechanism parameters (see
> CKA_ECDSA_PARAMS
> in the standard).
> Given that the underlying HW or SW tokens supports Ed25519 curves, then you
> could leverage it even with
2015 Oct 08
2
[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
On 10/8/2015 4:49 AM, Simon Josefsson wrote:
> Mathias Brossard <mathias at brossard.org> writes:
>
>> Hi,
>>
>> I have made a patch for enabling the use of ECDSA keys in the PKCS#11
>> support of ssh-agent which will be of interest to other users.
>
> Nice! What would it take to add support for Ed25519 too? Do we need to
> allocate any new PKCS#11
2004 Aug 12
14
Pending OpenSSH release, call for testing.
Hi All.
OpenSSH is getting ready for a release soon, so we are asking for all
interested parties to test a snapshot.
Changes include:
* sshd will now re-exec itself for each new connection (the "-e" option
is required when running sshd in debug mode).
* PAM password authentication has been (re)added.
* Interface improvements to sftp(1)
* Many bug fixes and improvements, for
2017 Jan 17
2
Question on Kerberos (GSSAPI) auth
On Jan 17, 2017, at 9:57 AM, Douglas E Engert <deengert at gmail.com> wrote:
> On 1/16/2017 2:09 PM, Ron Frederick wrote:
>> I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462.
2007 Sep 25
9
OpenSSH PKCS#11merge
[[Sending again, as for some strange reason it is not accepted]]
Hello OpenSSH developers,
I maintain external patch for PKCS#11 smartcard support into
OpenSSH[1] , many users already apply and use this patch.
I wish to know if anyone is interesting in working toward merging this
into mainline.
I had some discussion with Damien Miller, but then he disappeared.
Having standard smartcard
2017 Jun 24
2
OpenSSL 1.1 support status : what next?
On 6/24/2017 11:35 AM, Emmanuel Deloget wrote:
> Hello Douglas,
>
> On Fri, Jun 23, 2017 at 9:16 PM, Douglas E Engert <deengert at gmail.com <mailto:deengert at gmail.com>> wrote:
> > OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing
> > a shim for OpenSSL-1.1, the OpenSC code has been converted to
> > the OpenSSL-1.1 API and a
2004 Jan 26
6
OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Rather then implementing kafs in MIT Kerberos, I would like to
suggest an alternative which has advantages to all parties.
The OpenSSH sshd needs to do two things:
(1) sets a PAG in the kernel,
(2) obtains an AFS token storing it in the kernel.
It can use the Kerberos credentials either obtained via GSSAPI
delegation, PAM or other kerberos login code in the sshd.
The above two
2004 Feb 13
2
OpenSSH-snap-20040212 and the use of krb5-config
With openssh-snap-20040212 the configure.ac when it finds a
krb5-config file, does not call the AC_DEFINE(GSSAPI) or
AC_CHECK_HEADER(gssapi.h...) This means that GSSAPI and HAVE_GSSAPI_H
are not defined, and thus GSSAPI is not built.
If I rename the kerberos provided krb5-config file and run configure,
the old method of finding the Kerberos lib and include directories
is used and OpenSSH
2017 Jun 23
5
OpenSSL 1.1 support status : what next?
OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing
a shim for OpenSSL-1.1, the OpenSC code has been converted to
the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and
macros was written to support older versions of OpenSSL and Libressl.
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/sc-ossl-compat.h
The nice part of this approach is
2005 Feb 21
6
OpenSSH+GSSAPI & HP/UX 11i...
I am trying to transition several HP/UX 11i (PA/RISC) servers from
ssh.com over to OpenSSH+GSSAPI (3.9p1) and it's complaining about the
GSSAPI include files:
-=-
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.
-I/usr/local/ssl/include -D_HPUX_SOURCE -D_XOPEN_SOURCE
-D_XOPEN_SOURCE_EXTENDED=1 -I/usr/local/krb5/include
-DSSHDIR=\"/usr/local/etc\"
2003 May 02
6
openssh 3.6.1_p2 problem with pam (fwd)
----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> -----
Date: Fri, 2 May 2003 14:01:33 +0200
From: Andrea Barisani <lcars at infis.univ.trieste.it>
To: openssh at openssh.com
Subject: openssh 3.6.1_p2 problem with pam
Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour:
# ssh -l lcars mybox
[2 seconds delay]
lcars at mybox's
2016 Mar 22
3
Automatically forwarding fresh Kerberos tickets?
In an environment where users use smart cards to authenticate on Windows and then use ssh to login to UNIX systems via GSSAPI, it is nigh impossible to renew/refresh the Kerberos credentials in the UNIX session. If the user fails to renew their credentials before they expire, the user is stuck and must log out and log back in to get valid tickets.
Meanwhile it is entirely likely that on the
2004 Mar 24
1
GSSAPI patch for multihomed hosts
Hi,
This is another attempt to get my gssapi for multi homed systems into
openssh. Please find attach a small change so that gssapi authentication
works on multihomed systems.
Regards
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-3.8p1-mm.diff
Type: application/octet-stream
Size: 3599 bytes
Desc: not available
Url :
2005 May 11
6
Need help with GSSAPI authentication
Client: Windows XP pro, in an AD 2003 domain, running SecureCRT 4.1.11.
I've also got MIT Kerberos for Windows installed on the client, and Leash
shows that my tickets ARE forwardable.
Server: Solaris 8 Sparc server, with MIT Kerberos (krb5-1.4.1), and
OpenSSH 4.0p1.
I've created two AD accounts, and extracted keys mapped to
"host/hostname.domainname.com at REALM.COM" and
2004 Mar 04
4
SSH + Kerberos Password auth
Hello,
I have a question about SSH with Kerberos password authentication .
Do I receive any host ticket to my client machine when I do ssh connection
with Kerberos password authenticaiton? If dont, why?
If I login to remote machine through telnet with Kerberos Password
authentication [through PAM-kerberos], then I can see the tickets with
klist. But with the same setup for sshd, I cannot see
2009 Feb 04
4
5.1p1 and X11 forwarding failing
I'm really scratching my head on this one. The server
is running OpenSSH 5.1p1 on Solaris 9. The authentication
is via PAM if that matters.
# grep X11 sshd_config | sed '/^#/D'
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
#
Now I attach to my 'master' sshd and follow all children
to look for any evidence of "DISPLAY":
# truss -f -a -e -p 14923
2005 Nov 27
3
OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found
Greetings,
I'm working on the infrastructure of a medium size client/server
environment using an Active Directory running on Windows Server 2003 for
central authentication of users on linux clients.
Additionally OpenAFS is running using Kerberos authentication through
Active Directory as well.
Now I want to grant users remote access to their AFS data by logging in
into a central OpenSSH
2017 Jan 16
2
Question on Kerberos (GSSAPI) auth
I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462. Specifically, RFC 4462 says the following in section 3.4:
Since the user authentication process by its nature authenticates
only the client,
2017 Feb 01
2
net ads and wbinfo are painfully slow -- but they work
On Wed, 1 Feb 2017 07:30:19 -0800
Chris Stankevitz <chrisstankevitz at gmail.com> wrote:
> On Wed, Feb 1, 2017 at 1:12 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > He is also unlikely to be running avahi, he is using Freebsd 10.3
>
> truss (like strace) showed that wbinfo, net, and sshd were all hanging
> after system calls to getuid() and