Problems with Krb5/GSSAPI patches in FBSD 4.3
Kevin Steves
stevesk at pobox.com
Wed May 23 01:35:04 EST 2001
On Tue, 22 May 2001, Simon Wilkinson wrote:
: > Question, do you know if this patch worked with ssh.com SSH2 clients, or
: > just with OpenSSH clients? As soon as I know which client to use, I'll
: > send the traces over... :)
:
: The patch only works with those clients that provide a GSSAPI keyexchange
: or user authentication method. I believe that the ssh.com SSH2 clients use
: their own, unpublished, methods for Kerberos authentication - so they won't
: interoperate.
i know little about kerberos, but i did notice this recently:
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/crypto/openssh/auth-krb5.c
Revision 1.7 Sun Mar 4 02:22:03 2001 UTC (2 months, 2 weeks ago) by assar
Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg at sics.se>
PR: misc/20504
More information about the openssh-unix-dev
mailing list