[Bug 958] patch to support GSI GSSAPI mechanism

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Dec 3 03:27:08 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=958

           Summary: patch to support GSI GSSAPI mechanism
           Product: Portable OpenSSH
           Version: 3.9p1
          Platform: All
               URL: http://grid.ncsa.uiuc.edu/ssh/
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Miscellaneous
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: jbasney at ncsa.uiuc.edu


The following patch adds support for the GSI GSSAPI mechanism to
OpenSSH.  It adds gss-serv-gsi.c (similar to gss-serv-krb5.c) and
modifies Makefile.in, acconfig.h, configure.ac, and gss-serv.c to
support the new GSSAPI mechanism.  It also makes a one-line change to
auth2-gss.c to initialize the flags passed in to
gss_accept_sec_context() as required by the GSI GSSAPI library.

The GSI GSSAPI mechanism implements authentication and delegation
(credential forwarding) for X.509 proxy certificates (RFC3820) and is
implemented by the Globus Toolkit (http://www.globus.org/toolkit/).
We've been using GSI with OpenSSH for over 3 years, using Simon
Wilkinson's OpenSSH GSSAPI patch, and in that time "GSI-enabled"
OpenSSH has become important software for grid computing on, for
example, the TeraGrid (http://www.teragrid.org/).

Now that OpenSSH includes GSSAPI support for Kerberos, we'd be pleased
if you could apply this patch for GSI GSSAPI support.  NCSA is
committed to supporting GSI with OpenSSH, and we'd be responsive to
any issues that come up related to the GSI code in OpenSSH, if you
choose to include it.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list