Kerberos V5 integration

Simon Wilkinson sxw at dcs.ed.ac.uk
Tue May 23 07:16:57 EST 2000


> > Once I've got the credentials passing and ticket granting stuff down to
> > my, and those who get to add it to the release's, satisfaction, I'll look
> > into adding this as well.
> 
> I assume that PAM still isn't available on some older platforms.  Even
> when it is, it would be easier for our in-house distributions of SSH if we
> could have this capability statically linked in.

Now available from 
http://www.dcs.ed.ac.uk/home/sxw/openssh/openssh-2.1.0-kerberosV.patch
is a patch which implements Kerberos 5 credential passing, ticket granting
and password authentication. I've built this, and tested it, with MIT
Kerberos, I believe that it should work with Heimdal, but I haven't (yet)
had a chance to test it.

This is probably _not_ compatible with some other implementations, in
particular those which overload the existing kerberos message types to
carry Kerberos 5 credentials (this patch currently uses a new set of
message types). I'd like to merge this code with the Kerberos 4 code
so that both can coexist on the same pair of types, if anyone's interested
in collaborating on this.

Please take a look and let me know what you think. I'd especially welcome
feedback on the ticket file checking code.

Cheers,

Simon.





More information about the openssh-unix-dev mailing list