Kerberos and OpenSSH - Was:Kerberos password auth/expiry kbdint patch

Markus Friedl markus at
Fri May 16 16:12:13 EST 2003

On Fri, May 16, 2003 at 02:20:09AM +0100, Simon Wilkinson wrote:
> > Repeating myself (yet again): the new protocol 2 Krb auth method is a
> > near copy of what we have been using for protocol 1 for years.
> I've just checked the code, and it's not.

Still it's a near copy.

> The protocol v1 code returns a response packet from the server to the
> client. The v2 code doesn't do this (AIUI the kerberos-2 protocol
> doesn't support it), and so can't perform mutual authentication.

SSH already provides server authentication.

> In a quick pass of the code, I also think you're incorrectly using
> xfree() to free structures allocated by the Kerberos library.

yes, it seems so.


More information about the openssh-unix-dev mailing list