[Bug 958] patch to support GSI GSSAPI mechanism
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Dec 3 03:27:08 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=958
Summary: patch to support GSI GSSAPI mechanism
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
URL: http://grid.ncsa.uiuc.edu/ssh/
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: jbasney at ncsa.uiuc.edu
The following patch adds support for the GSI GSSAPI mechanism to
OpenSSH. It adds gss-serv-gsi.c (similar to gss-serv-krb5.c) and
modifies Makefile.in, acconfig.h, configure.ac, and gss-serv.c to
support the new GSSAPI mechanism. It also makes a one-line change to
auth2-gss.c to initialize the flags passed in to
gss_accept_sec_context() as required by the GSI GSSAPI library.
The GSI GSSAPI mechanism implements authentication and delegation
(credential forwarding) for X.509 proxy certificates (RFC3820) and is
implemented by the Globus Toolkit (http://www.globus.org/toolkit/).
We've been using GSI with OpenSSH for over 3 years, using Simon
Wilkinson's OpenSSH GSSAPI patch, and in that time "GSI-enabled"
OpenSSH has become important software for grid computing on, for
example, the TeraGrid (http://www.teragrid.org/).
Now that OpenSSH includes GSSAPI support for Kerberos, we'd be pleased
if you could apply this patch for GSI GSSAPI support. NCSA is
committed to supporting GSI with OpenSSH, and we'd be responsive to
any issues that come up related to the GSI code in OpenSSH, if you
choose to include it.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list