what's the deal with openssh-3.0p1 and kerberos5?
mouring at etoh.eviladmin.org
mouring at etoh.eviladmin.org
Thu Nov 8 02:30:30 EST 2001
OpenBSD's version of OpenSSH has KRB5 support ready for use. The portable
group is still lagging a bit behind. I saw a set of Kerb5 enabling
patches float by the list from Simon Wilkinson. I expect they will get
merged in and it will be in a later 3.0pX release or in the next 3.x.x
release.
I could forward you the patch if you wish.. You need to have autoconf 2.52
or better to rebuild the ./configure script. Simon did (from what I can
tell) a very good job of supporting MIT and HEIMDAL. Just too bad the two
library developers can't standardize on an API.
- Ben
On Wed, 7 Nov 2001, Andreas Hasenack wrote:
> The openssh-3.0 announcement said:
>
> (...)
> 3) improved Kerberos support in protocol v1 (KerbIV and KerbV)
> (...)
>
> This seems to imply at least some krb5 support, but there is nothing
> new in ./configure --help about it. Grepping the source, I see many
> references to #ifdef KRB5. Trying to enable it manually (a #define
> in config.h) gives errors about a missing krb5_auth_con_setaddrs_from_fd,
> which I really can't find anywhere in the MIT sources, and many
> other missing functions.
>
> Yes, I know about the gssapi patch at
> http://www.sxw.org.uk/computing/patches/openssh.html, but it's only
> available for 2.9p2 so far and the poor guy has been repeatedly asking
> for it to be included in the mainstream version without success.
> So, is that planned? Krb5 in openssh? Or is there something wrong with
> the gssapi patches?
>
> I have openssh-3.0p1 and krb5-1.2.2 from MIT.
>
>
More information about the openssh-unix-dev
mailing list