gssapi-with-mic and Win2K KDC?
Aaron Grewell
agrewell at uwb.edu
Sat May 29 02:58:51 EST 2004
Upgrading to the 3.8.x versions of OpenSSH appears to have broken
support for Win2K KDC's. Win2K supports gssapi just fine, but the new
gssapi-with-mic does not appear to work. I was able to use the old
3.6.x versions with Kerberos authentication, and the newer 3.7.x
versions with gssapi authentication, but 3.8.x does not seem to work at
all. The mitm patch provided for 3.8p1 does work, but it seems unlikely
it will be maintained over the long term. What are the odds the gssapi
functionality might be retained for compatibility purposes? Even if it
were a default-off compile-time option that would work for me. The
soonest MS would be likely to update their gssapi support would be
Longhorn Server in the 2006-2007 timeframe (if at all) so the
interoperability issues with their KDC's are likely to continue for some
time to come.
Thanks much,
Aaron Grewell
Network Administrator
University of Washington Bothell
More information about the openssh-unix-dev
mailing list