Kerberos and OpenSSH - Was:Kerberos password auth/expiry kbdint patch

Simon Wilkinson sxw at
Fri May 16 11:20:09 EST 2003

> Repeating myself (yet again): the new protocol 2 Krb auth method is a
> near copy of what we have been using for protocol 1 for years.

I've just checked the code, and it's not.

The protocol v1 code returns a response packet from the server to the
client. The v2 code doesn't do this (AIUI the kerberos-2 protocol
doesn't support it), and so can't perform mutual authentication.

In a quick pass of the code, I also think you're incorrectly using
xfree() to free structures allocated by the Kerberos library.



More information about the openssh-unix-dev mailing list