Question on Kerberos (GSSAPI) auth

Douglas E Engert deengert at gmail.com
Thu Jan 19 02:25:06 AEDT 2017



On 1/18/2017 12:08 AM, Ron Frederick wrote:

>
> Right - when I set mutual_auth, it does have a token to send in this case, and after that both sides are complete. I agree that the code appears like it would handle multiple tokens on both sides as well, which might be useful if this code is ever used with something other than Kerberos. My implementation also supports this.
>

Well, there are other SSH mods to work with other GSS-API implementations. The mods are mostly for handling the delegated credentials.

http://toolkit.globus.org/toolkit/docs/5.0/5.0.4/security/openssh/pi/
https://github.com/globus/gsi-openssh

uses X509 via TLS and delegates X509 proxy certificates.


-- 

  Douglas E. Engert  <DEEngert at gmail.com>



More information about the openssh-unix-dev mailing list