GSSAPI
Scott Neugroschl
scott_n at xypro.com
Tue Aug 26 08:53:13 EST 2014
In the patch, at line 2687 of http://pkgs.fedoraproject.org/cgit/openssh.git/tree/openssh-6.6p1-gsskex.patch, we have
@@ -2488,6 +2495,48 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
list_hostkey_types());
+#ifdef GSSAPI
+ {
+ char *orig;
+ char *gss = NULL;
+ char *newstr = NULL;
+ orig = myproposal[PROPOSAL_KEX_ALGS]; <<<=== HERE 1
+
+ /*
+ * If we don't have a host key, then there's no point advertising
+ * the other key exchange algorithms
+ */
+
+ if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) <<<=== HERE 2
+ orig = NULL;
Note that at the lines marked HERE 1 and HERE 2, orig refers to two separate things.
Is this inconsistency in reference intended?
-----Original Message-----
From: Andreas Schneider [mailto:asn at cryptomilk.org]
Sent: Monday, July 21, 2014 4:16 AM
To: openssh-unix-dev at mindrot.org
Cc: Scott Neugroschl
Subject: Re: GSSAPI
On Tuesday 15 July 2014 21:52:33 Scott Neugroschl wrote:
> If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I
> still need to get Simon Wilkinson's patches?
As the FreeIPA project has support for managing SSH Keys they have a maintained patchset for GSSAPI support. You can take a look here:
http://pkgs.fedoraproject.org/cgit/openssh.git/tree/
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
www.cryptomilk.org asn at cryptomilk.org
More information about the openssh-unix-dev
mailing list