I'm pleased to announce the availability of my GSSAPI Key Exchange
patch for OpenSSH 4.6p1.

This patch adds support for the RFC4462 GSSAPI key exchange
mechanisms to OpenSSH, along with some minor fixes for the GSSAPI
code that is already in the tree.

The patch implements:
*) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key
exchange mechanisms. (#1242)
*) Support for the null host key type (#1242)
*) Support for CCAPI credentials caches on Mac OS X (#1245)
*) Support for better error handling when an authentication
exchange fails due to server misconfiguration (#1244)
*) Better error reporting when using a GSSAPI library which
supports multiple mechanisms (#1220)
*) Support for GSSAPI connections to hosts behind a round-robin
load balancer (#1008)
*) Support for GSSAPI connections to multi-homed hosts, where each
interface has a unique name (#928)
*) Cleanup of GSSAPI code seperation between client and server.

(bugzilla.mindrot.org bug numbers are in brackets)

The only change since the last release is a minor code fix.

As usual, the code is available from



Kerberos mailing list Kerberos@mit.edu