GSS/krb5 patches (was Re: [PATCH] Add scp -1 and -2 options to OpenSSH-3.0.2p1)

Wed Jan 30 01:10:45 EST 2002

On Tue, Jan 29, 2002 at 04:34:04PM +1100, Damien Miller wrote:
> On Mon, 28 Jan 2002, Nicolas Williams wrote:
> 
> > Will useful patches posted to this list receive any consideration for
> > inclusion in future releases of OpenSSH?
> > 
> > The most important contributed patch, right now, from my point of view,
> > is Simon Wilkinson's GSS-API userauth/external key exchange patch.
> > 
> > Will that be included?
> 
> I'd like to see the KrbV integration patch included in portable, but I am 
> yet to receive an independant review of it from someone who understands
> the Kerberos V API properly. I don't know it well enough to feel 
> comfortable commiting it by myself - this is no reflection on Simon, just
> my own paranoia.

I'm using it. I've done minimal testing with Heimdal (compiles, links,
the client works) and I'm using it with MIT krb5. Besides empirical
evidence to Simon's MIT compat patch's stability and correctness I'm
willing to put together a description of what it does and why it does it
(i.e., what are the key Heimdal/MIT krb5 API differences).

Is there anything else that you need to help any review of Simon's MIT
krb5 compat patch?

> IIRC the GSS-API patch was awaiting revision to match the drafts.

Simon has posted the -02 draft version of his patch. The -03 of the
gsskeyex draft does not make any changes to the on-the-wire protocol
except for the addition of optional SSH_MSG_KEXGSS_ERROR (MAY) and
SSH_MSG_USERAUTH_GSSAPI_ERROR (SHOULD) messages. So Simon's patch is
compatible with the -02 and -03 versions of the gsskeyex draft.

Again, I'm willing to help you review Simon's gsskeyex patches. Let me
know how I can help.

Also, I have developed a local patch for gsskeyex-01 backwards
compatibility. I do not pretend that you assimilate this one though as
you hadn't assimilated Simon's gsskeyex-01 patch for OpenSSH 2.9p2.
Others may find it useful however.

> -d

Cheers,

Nico
--
-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.