Curious about final KRB5/GSSAPI patch inclusion.

Daniel Kouril kouril at ics.muni.cz
Sat May 18 21:24:00 EST 2002


On Thu, May 16, 2002 at 04:04:52PM -0500, Austin Gonyou wrote:
> Darn it....most of the krb5 code is there already. :( Should it be
> removed, or is the plan to wait till flux is at a minimum or no longer,
> and go ahead anyway?

GSSAPI is not krb5 at all. Besides krb5 implementations of GSS-API, there is
also a widely used implementation based on SSL and X.509 authentication
(www.globus.org/security/). Thus, the same openssh binary compiled with
GSS-API support can work either with krb5 or X.509 authentication -- the only
thing you have to do is supply the right gssapi library. And when some more
sophisticated implementation of gss library is available (I mean mechglue or
something similar), more different methods could be used with the same GSS
code at once.

I would really appreciate the addition of Simon's code. There are many users
who are already using it at this time and who must maintain a separate openssh
distribution.

> 
> On Wed, 2002-05-15 at 22:03, Damien Miller wrote:
> > On 15 May 2002, Austin Gonyou wrote:
> > 
> > > What is the target version for all the KRB5 bits to be in place. I know
> > > there is very much in place right now, but I remember someone mentioning
> > > there was just a GSSAPI/MITKRB5 patch being waited for.
> > 
> > The GSSAPI patch has not been included - it is based on a protocol spec
> > which seems to be still in flux.
> > 
> > -d
> -- 
> Austin Gonyou
> Systems Architect, CCNA
> Coremetrics, Inc.
> Phone: 512-698-7250
> email: austin at coremetrics.com
> 
> "One ought never to turn one's back on a threatened danger and 
> try to run away from it. If you do that, you will double the danger. 
> But if you meet it promptly and without flinching, you will 
> reduce the danger by half."
> Sir Winston Churchill





More information about the openssh-unix-dev mailing list