This is a discussion on New version of OpenSSH key exchange patch - Kerberos ; Hi, I'm pleased to be able to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.4p1. This patch adds RFC4462 compatibility to OpenSSH, along with adding additional GSSAPI support that is yet to make it into the ...
I'm pleased to be able to announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.4p1.
This patch adds RFC4462 compatibility to OpenSSH, along with adding
additional GSSAPI support that is yet to make it into the main tree.
The patch implements:
*) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key
exchange mechanisms. This can be enabled through the
GSSAPIKeyExchange option on both client and server
*) Support for the null host key type
*) Support for CCAPI caches on Mac OS X
*) Don't penalise the client for authentication failures caused by
*) Better error reporting when using GSSAPI libraries containing
*) Support for GSSAPI connections to hosts using a round-robin load
balancer, through the GSSAPITrustDNS client option
*) Support for GSSAPI connections to multi-homed hosts with multiple
acceptor names, though the GSSAPIStrictAcceptorCheck server option
*) Tidy GSSAPI code seperation between client and server
As usual the code is available from
Thanks again to everyone who has sent patches and suggestions over the
Kerberos mailing list Kerberos@mit.edu