Re: need help building openssh 3.6.1p2

From: Andreas Schott (schott_at_rzg.mpg.de)
Date: 07/30/03

  • Next message: CIC Information Line: "sftp directory restriction" 
    Date: Wed, 30 Jul 2003 10:28:53 +0200
To: Cesar Garcia <Cesar.Garcia@morganstanley.com>

    Hi Cesar, Atro,

    we have a very similar problem. We want to get rid of krb4
    part in OpenSSH and just have OpenAFS and using the afs
    mechanisms of communication. In order to do as few source
    changes to OpenSSH as possible, I wrote wrappers which
    map krb4 calls to OpenAFS calls concerning the token transfer.
    I did not bother with ticket transfers. Some additional
    #ifdef are required and some definitions "stolen" from krb4
    source are in an additional .h file. I have a working version
    for Solaris 8, which cooperates with the standard afs/krb4
    version of OpenSSH on other boxes. I actually wanted to
    check/port for some more platforms before offering it to
    OpenSSH. The actual aim, which also works between the Solaris8
    boxes running the modified version of OpenSSH, is, token transfer
    works with protocol version 2. BUT THIS IS STILL EXPERIMENTAL.
    It required a request afs-req analogous to x11-req, and
    I am not yet sure about, whether I did it the right way.
    I wanted to have done more work before offering it. Due
    to very limited resources I did not yet have time for that.
    But if anybody else is interested or would like to help with
    that work, now this is your chance. The diff -c patch is
    only 30k in size.

    > I don't exactly want krb4 support, but it appears to be required for
    > AFS token passing. I already have MIT the distribution deployed, so I
    > was hoping to use it. It turns out kafs.h is not part of the MIT
    > distribution - it's part of the Heimdal distribution. (My initial
    > guess was that it was part of the OpenAFS or Transarc AFS distribution
    > - but I was wrong).
    >
    > >>>>> "Atro" == Atro Tossavainen <atossava@cc.helsinki.fi> writes:
    >
    > >> Any ideas where kafs.h is supposed to come from (needed by
    > >> sshconnect1.c)?
    >
    > Atro> I seem to be getting it from the KTH Krb4 distribution.
    >
    > Atro> <URL:http://www.pdc.kth.se/kth-krb/>
    >
    > Atro> (From your earlier message)
    >
    > >> 1 - is it OK to try to use MIT kerberos 1.2.8 for kerberos 4 support?
    >
    > Atro> Did you?
    >
    > Atro> I can't see a requirement for a specific implementation of krb4 in the
    > Atro> OpenSSH included documentation.
    >
    > Atro> --
    > Atro> Atro Tossavainen (Mr.) / The Institute of Biotechnology at
    > Atro> Systems Analyst, Techno-Amish & / the University of Helsinki, Finland,
    > Atro> +358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own.
    > Atro> < URL : http : / / www . helsinki . fi / %7E atossava / >
    >
    > Atro> File attachments NOT welcome unless agreed to beforehand.
    > 

    -- 
Mit freundlichen Grüßen
Andreas Schott.
----------------------------------------------------------------
http://www.rzg.mpg.de/~ays           |  :-O   Wissen ist Macht!
email: schott@rzg.mpg.de             |  8-(   Ich weiß nichts.
phone/fax: +49 89 3299-2180/1301     |  ;->   Macht auch nichts.
  • Next message: CIC Information Line: "sftp directory restriction"