similar to: New release of GSSAPI Key Exchange patch

Hi, I'm pleased to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 5.7p1. In addition to adding support for key exchange, vital for enterprise users of SSH and Kerberos, it also adds a number of other GSSAPI related features: *) Cascading Credential Renewal - when enabled, credentials renewed on your local workstation are automatically forwarded to hosts

From the better-late-than-never-department, I'm pleased to announce the availability of my GSSAPI Key Exchange patches for OpenSSH 5.3p1. This is a pretty minor maintenance release - it contains a couple of fixes to take into account changes to the underlying OpenSSH code, and a compilation fix for when GSSAPI isn't required. Thanks to Colin Wilson and Jim Basney for their bug reports.

Hi, I'm pleased to be able to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.4p1. This patch adds RFC4462 compatibility to OpenSSH, along with adding additional GSSAPI support that is yet to make it into the main tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. This can be enabled through the

http://bugzilla.mindrot.org/show_bug.cgi?id=928 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #2 from simon at sxw.org.uk 2006-08-19 08:31 ------- I'd rather see us move towards just using

http://bugzilla.mindrot.org/show_bug.cgi?id=1220 Summary: Fix error messages for multiple mechanism GSSAPI libraries Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo:

Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into the OpenSSH source? http://www.sxw.org.uk/computing/patches/openssh.html I'm sure I'm not the only one that uses it and would like to see it become part of the OpenSSH source. Is there something missing or is there some technical/philosophical reason for not including it?

Hello, Kevin Way wrote: > I'm curious if there are technical (or other) reasons that prevent > FreeBSD from adding RFC 4462 (GSSAPI Key Exchange) support to sshd. > The MIT Kerberos team first requested this four years ago, and > implementation patches have been available for years at: > http://www.sxw.org.uk/computing/patches/openssh.html > > The author of those

Hi, This is to announce the availability of a new version of my GSSAPI key exchange patch for OpenSSH. The code is available from http://www.sxw.org.uk/computing/patches/openssh.html Changes since the last release are: *) Implement GSS group exchange *) Disable DNS canonicalization of the hostname passed to the GSSAPI library - an option is provided to allow this to be overriden on

Patches supporting GSSAPI Key Exchange in OpenSSH 4.3p2 are now available from http://www.sxw.org.uk/computing/patches/openssh.html These patches add support for performing GSSAPI key exchange to the OpenSSH client and server. Whilst OpenSSH contains support for using GSSAPI in the user authentication step, this is inadequate for many sites, as it doesn't provide a mechanism for using

Hi, I'm pleased to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.6p1. This patch adds support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with some minor fixes for the GSSAPI code that is already in the tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *)

Somewhat belatedly, I'm pleased to announce the availability of my GSSAPI key exchange patches for OpenSSH 5.2p1. Apologies for the delay in getting these out, a honeymoon, followed by the pressure of work, made the first half of this year rather busy! Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's that time again! There's been another OpenSSH release, and once again, I'm pleased to announce the availability of my GSSAPI Key Exchange patch for it. Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the user. For sites with a deployed Kerberos

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm pleased to (finally) announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for doing GSSAPI user authentication, this only allows the underlying security mechanism to authenticate the user to the server, and continues to use SSH host keys to authenticate the server to the

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #5 from simon at sxw.org.uk 2006-08-19 08:28 ------- There isn't an easy fix for this, at

Now that RFC 4462 has been published, I was wondering if there would be any interest in looking again at integrating the key exchange portions of my GSSAPI patch into the OpenSSH tree? As I've mentioned before, key exchange has significant benefits for large sites as it allows them to use Kerberos to authenticate ssh hosts, and removes the need to maintain and distribute ssh known_hosts

An updated version of my GSSAPI patches for OpenSSH 2.9p1 is finally available from http://www.sxw.org.uk/computing/patches/openssh.html These patches fix a bug with the hash calculation which will break interoperation with earlier versions - sorry! This release supports both Kerberos and GSI (thanks to Von Welch for the GSI support) mechanisms, and the code in it has now been widely tested

Just a quick heads up to warn those of you using my gss-keyex patches that there's a small buglet in them which will affect interoperability. I'm building the hash incorrectly (by including a zero length string where there shouldn't be one). This will mean that when trying to interoperate with other implementations (if there are any :-) you'll get a message about the MIC not

As much as I hate to raise the question of another large contributed patch, given recent traffic, what are the chances of my patch for GSSAPI authentication making it into the tree? Its now been widely reviewed, and seems to be seeing a fair bit of use. There is support for multiple GSSAPI mechanisms. I'm happy to adapt the patch as necessary to get it included - either against the

http://bugzilla.mindrot.org/show_bug.cgi?id=1218 Summary: GSSAPI client code permits SPNEGO usage Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket at mindrot.org ReportedBy:

Dear All, Yesterday evening or cluster has stopped. Two of our nodes tried to take the resource from each other, they haven''t seen the other side, if I saw well. I stopped heartbeat, resources, start it again, and back to online, worked fine. This morning I saw this in logs: Feb 22 03:25:07 node4 kernel: Lustre: 7:0:(linux-debug.c:98:libcfs_run_upcall()) Invoked LNET upcall