Need help with GSSAPI authentication

'Sergio Gelato' Sergio.Gelato at astro.su.se
Wed May 11 22:22:17 EST 2005


* Simon Gales [2005-05-11 07:01:35 -0500]:
> After more experimentation last night, I found that:
> + Putty (with patches) can authenticate but doesn't forward the tickets.

If you're in a position to apply patches, then maybe you should simply
patch the call to gss_init_sec_context() to enable credentials delegation.
See RFC 2744 sections 4.1 and 5.19.

Since all you need to do is set the GSS_C_DELEG_FLAG bit in the req_flags
argument, I guess it should be possible even without recompilation, by
patching the executable file with a binary editor.

> + SecureCRT can authenticate but doesn't forward the tickets.
> + OpenSSH works fine, using kinit to get my tickets initially.




More information about the openssh-unix-dev mailing list