OpenSSH 4.3p2, MIT KfW 3.0 and Cygwin

Dan Peterson petesea at
Tue Apr 18 05:00:57 EST 2006

On Wed, 12 Apr 2006, Carson Gaspar wrote:

> --On Wednesday, April 12, 2006 2:26 PM -0700 Dan Peterson 
> <petesea at> wrote:
>> The GOAL is a GSSAPI enabled ssh client (preferably with gssapi-keyex 
>> support) that uses the nice GUI front-end provided by KfW.  Those 
>> windows users get too confused if you tell them they have to go to the 
>> command prompt and run "kinit" every morning.
> FYI if you use the native SSPI, your tickets are refreshed every time 
> you unlock your screen. Of course SSPI presumes you either use your AD 
> servers as your KDCs for all systems, or that you have a trust 
> relationship between the realms.

I'm (mostly) aware of SSPI, but as I understand it, it means the 
authentication for the entire workstation needs to change.  I only want to 
use ssh with gssapi on a per application basis (CVS/Subversion).  Simply 
put, I don't have enough control over the developers (thousands) to 
require they change the authentication defaults for their workstation. 
Nor do I have ANY control over the KDCs or AD servers.

More information about the openssh-unix-dev mailing list