Re: OpenSSH official support for GSSAPI

From: Darren Tucker (dtucker_at_zip.com.au)
Date: 11/20/03

Next message: Tevfik Karagülle: "Re: Disable ssh access to some users"

Previous message: Darren Tucker: "Re: scp fails - excepted on very small files"
In reply to: tom brown: "OpenSSH official support for GSSAPI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 21 Nov 2003 08:31:46 +1100
To: tom brown <tmcb1971@yahoo.com>

tom brown wrote:
> I have been using patched OpenSSH to provide GSSAPI
> support for a long time now with great success. Can
> anybody say what the status of it's official inclusion
> in "portable" openssh is?

GSSAPI support has been in OpenSSH since 3.7, based on a subset of Simon
Wilkinson's work.

It has recently been replaced by "gssapi-with-mic" (also from Simon) but
not being a Kerberos person I'm not sure what the difference is.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Next message: Tevfik Karagülle: "Re: Disable ssh access to some users"

Previous message: Darren Tucker: "Re: scp fails - excepted on very small files"
In reply to: tom brown: "OpenSSH official support for GSSAPI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

OpenSSH official support for GSSAPI
... I have been using patched OpenSSH to provide GSSAPI ... support for a long time now with great success. ...
(SSH)
GSSAPI Key Exchange Patch for OpenSSH 5.2p1
... Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the user. ... GSSAPI key exchange allows the use of security mechanisms such as Kerberos to authenticate the server to the user, removing the need for trusted ssh host keys, and allowing the use of a single security architecture. ... This patch adds support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with adding some additional, generic, GSSAPI features. ...
(comp.protocols.kerberos)
Announce: GSSAPI Key Exchange Patch for OpenSSH 5.7p1
... I'm pleased to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 5.7p1. ... In addition to adding support for key exchange, vital for enterprise users of SSH and Kerberos, it also adds a number of other GSSAPI related features: ... *) Cascading Credential Renewal - when enabled, credentials renewed on your local workstation are automatically forwarded to hosts which you have logged in to. ...
(comp.protocols.kerberos)
GSSAPI Key Exchange Patch for OpenSSH 4.6p1
... I'm pleased to announce the availability of my GSSAPI Key Exchange ... This patch adds support for the RFC4462 GSSAPI key exchange ... mechanisms to OpenSSH, along with some minor fixes for the GSSAPI ...
(comp.protocols.kerberos)
GSSAPI Key Exchange Patch for OpenSSH 5.0p1 (plus an added extra)
... Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the user. ... GSSAPI key exchange allows the use of security mechanisms such as Kerberos to authenticate the server to the user, removing the need for trusted ssh host keys, and allowing the use of a single security architecture. ... This patch adds support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with adding some additional, generic, GSSAPI features. ... This allows credentials provided via key exchange to be cascaded through a set of ssh connections, so that a once a user reauthenticates on their workstation, the new credentials are available on all machines to which they are currently connected. ...
(comp.protocols.kerberos)