GSSAPI patch for multihomed hosts
Jacques A. Vidrine
nectar at FreeBSD.org
Fri Mar 26 02:51:56 EST 2004
On Wed, Mar 24, 2004 at 12:34:23AM -0000, Markus Moeller wrote:
> Hi,
>
> This is another attempt to get my gssapi for multi homed systems into
> openssh. Please find attach a small change so that gssapi authentication
> works on multihomed systems.
I don't think this patch should be applied. At least in the
(MIT|Heimdal) Kerberos case, it is better to simply pass GSS_C_NO_NAME
to gss_acquire_cred to accomplish the same thing.
More desirable IMHO is a patch for the client to use HostKeyAlias
to compute the GSSAPI name (so that tunneled SSH+GSSAPI connections
work). I have something similar (but uses a different option name).
Due to compatiblity issues, I'm still on OpenSSH 3.6.1+GSSAPI patches,
but when I get a chance to migrate to 3.8 I will post patches here.
Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
More information about the openssh-unix-dev
mailing list