GSSAPI Key Exchange for 4.4p1

Simon Wilkinson sxw at inf.ed.ac.uk
Tue Oct 3 06:40:28 EST 2006


Hi,

I'm pleased to be able to announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.4p1.

This patch adds RFC4462 compatibility to OpenSSH, along with adding
additional GSSAPI support that is yet to make it into the main tree.

The patch implements:
   *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key
      exchange mechanisms. This can be enabled through the
      GSSAPIKeyExchange option on both client and server
      (bugzilla.mindrot.org #1242)
   *) Support for the null host key type
   *) Support for CCAPI caches on Mac OS X
      (bugzilla.mindrot.org #1245)
   *) Don't penalise the client for authentication failures caused by
      server misconfiguration
      (bugzilla.mindrot.org #1244)
   *) Better error reporting when using GSSAPI libraries containing
      multiple mechanisms
      (bugzilla.mindrot.org #1220)
   *) Support for GSSAPI connections to hosts using a round-robin load
      balancer, through the GSSAPITrustDNS client option
      (bugzilla.mindrot.org #1008)
   *) Support for GSSAPI connections to multi-homed hosts with multiple
      acceptor names, through the GSSAPIStrictAcceptorCheck server option
      (bugzilla.mindrot.org #928)
   *) Tidy GSSAPI code separation between client and server
      (bugzilla.mindrot.org #1225)

As usual the code is available from
http://www.sxw.org.uk/computing/patches/openssh.html

Thanks again to everyone who has sent patches and suggestions over the
years!

Cheers,

Simon.



More information about the openssh-unix-dev mailing list