GSSAPI patch for multihomed hosts

Jacques A. Vidrine nectar at FreeBSD.org
Fri Mar 26 02:51:56 EST 2004


On Wed, Mar 24, 2004 at 12:34:23AM -0000, Markus Moeller wrote:
> Hi,
> 
> This is another attempt to get my gssapi for multi homed systems into
> openssh. Please find attach a small change so that gssapi authentication
> works on multihomed systems.

I don't think this patch should be applied.  At least in the
(MIT|Heimdal) Kerberos case, it is better to simply pass GSS_C_NO_NAME
to gss_acquire_cred to accomplish the same thing.

More desirable IMHO is a patch for the client to use HostKeyAlias
to compute the GSSAPI name (so that tunneled SSH+GSSAPI connections
work).  I have something similar (but uses a different option name).
Due to compatiblity issues, I'm still on OpenSSH 3.6.1+GSSAPI patches,
but when I get a chance to migrate to 3.8 I will post patches here.

Cheers,
-- 
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org




More information about the openssh-unix-dev mailing list