New GSSAPI Key Exchange patch for OpenSSH 4.2p1 - Kerberos



Thread: New GSSAPI Key Exchange patch for OpenSSH 4.2p1

  1. New GSSAPI Key Exchange patch for OpenSSH 4.2p1

    Hi,

    This is to announce the availability of a new version of my GSSAPI key
    exchange patch for OpenSSH.

    The code is available from
    http://www.sxw.org.uk/computing/patches/openssh.html

    Changes since the last release are:

    *) Implement GSS group exchange
    *) Disable DNS canonicalization of the hostname passed to the GSSAPI
    library - an option is provided to allow this to be overridden on a
    host by host basis.
    *) Fix the crash when connecting to a server which supports sending a
    hostkey as part of the GSSAPI key exchange.
    *) Make GSS rekeying work when privsep is enabled
    *) Fix incorrect naming of keyex userauth mechanism
    *) Fix client crash when doing key exchange with expired credentials
    *) Assorted buffer initialization fixes

    Why Key Exchange?

    Whilst OpenSSH contains support for doing GSSAPI user authentication,
    this only allows the underlying security mechanism to authenticate the
    user to the server, and continues to use SSH host keys to authenticate
    the server to the user. For many sites who already have security
    infrastructures such as Kerberos deployed, managing large numbers of SSH
    host keys is an additional, unnecessary, burden. GSSAPI key exchange
    allows the use of security mechanisms such as Kerberos to authenticate
    the server to the user, removing the need for trusted ssh host keys, and
    allowing the use of a single security architecture.

    Cheers,

    Simon.
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: New GSSAPI Key Exchange patch for OpenSSH 4.2p1

    On Mon 26 Sep 2005 15:28, Simon Wilkinson wrote:
    > Hi,
    >
    > This is to announce the availability of a new version of my GSSAPI key
    > exchange patch for OpenSSH.


    Any news on the integration of this into upstream openssh?