Kerberos and OpenSSH - Was:Kerberos password auth/expiry kbdint patch

Stephen Smoogen smoogen at lanl.gov
Thu May 15 06:47:38 EST 2003


I would also like to HIGHLY recommend the GSSAPI patches that Simon has
donated over the last couple of years. They have been excellent and have
helped us sell/install an opensource solution instead of other solutions
(and platforms). 

On Wed, 2003-05-14 at 14:24, Douglas E. Engert wrote:
> Rather than adding Kerberos password support directly into OpenSSH, I would
> recommend that you use GSSAPI support from Simon Wilkinson <simon at sxw.org.uk>
> http://www.sxw.org.uk/computing/patches/openssh.html
> 
> If you must send the kerberos userid and password over the network then use 
> the PAM exits to authenticate to Kerberos. In other words avoid adding Kerberos
> directly into OpenSSH.
> 
> Simon's excellent GSSAPI code is following along closely with the IETF
> "GSSAPI Authentication and Key Exchange for the Secure Shell Protocol" 
> http://www.ietf.org/internet-drafts/draft-ietf-secsh-gsskeyex-06.txt
> 
> So I would like to ask the OpenSSH developers to pick up Simon's GSSAPI
> modifications instead. 
> 
> The GSSAPI has been implemented by a number of other vendors as well,
> so having this in OpenSSH would greatly enhance interoperability. 
> 
> We are now running with Simon's mods on 3.6.1p2 and have run this way since
> 3.0.2 on a number of platforms. We use Unix and Windows based ssh clients
> to connect to the servers running OpenSSH. I am sure there are many other
> sites doing the same thing and all of us would appreciate it if GSSAPI mods
> were included in the base OpenSSH source.
> 
> "James F.Hranicky" wrote:
> > 
> > Is anyone interested in the patch I submitted to this list adding keyboard
> > interactive Kerberos support (i.e., should I submit a bugzilla report)?
> > 
> > If not, I can just maintain it locally.
> > 
> > Thanks,
> > 
> > ----------------------------------------------------------------------
> > | Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
> > | E314D CSE Building                            Phone (352) 392-1499 |
> > | jfh at cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
> > ----------------------------------------------------------------------
> >                           About politics:
> >                      Don't worry about results
> >                    It's the thought that counts
> > 
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
> -- 
> 
>  Douglas E. Engert  <DEEngert at anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439 
>  (630) 252-5444
> 
> 
-- 
Stephen John Smoogen		smoogen at lanl.gov
Los Alamos National Labrador  CCN-5 Sched 5/40  PH: 4-0645 (note new #)
Ta-03 SM-1498 MailStop B255 DP 10S  Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --



