Kerberos and OpenSSH - Was:Kerberos password auth/expiry kbdint patch
Markus Friedl
markus at openbsd.org
Fri May 16 16:12:13 EST 2003
On Fri, May 16, 2003 at 02:20:09AM +0100, Simon Wilkinson wrote:
>
> > Repeating myself (yet again): the new protocol 2 Krb auth method is a
> > near copy of what we have been using for protocol 1 for years.
>
> I've just checked the code, and it's not.
Still it's a near copy.
> The protocol v1 code returns a response packet from the server to the
> client. The v2 code doesn't do this (AIUI the kerberos-2 protocol
> doesn't support it), and so can't perform mutual authentication.
SSH already provides server authentication.
> In a quick pass of the code, I also think you're incorrectly using
> xfree() to free structures allocated by the Kerberos library.
yes, it seems so.
-m
More information about the openssh-unix-dev
mailing list