Kerberos and OpenSSH - Was:Kerberos password auth/expiry kbdint patch
Simon Wilkinson
sxw at inf.ed.ac.uk
Fri May 16 11:20:09 EST 2003
> Repeating myself (yet again): the new protocol 2 Krb auth method is a
> near copy of what we have been using for protocol 1 for years.
I've just checked the code, and it's not.
The protocol v1 code returns a response packet from the server to the
client. The v2 code doesn't do this (AIUI the kerberos-2 protocol
doesn't support it), and so can't perform mutual authentication.
In a quick pass of the code, I also think you're incorrectly using
xfree() to free structures allocated by the Kerberos library.
Cheers,
Simon.
More information about the openssh-unix-dev
mailing list