sshd, Tiger and KRB5CCNAME

Simon Wilkinson simon at
Tue Aug 29 10:13:41 EDT 2006

On 25 Aug 2006, at 19:58, Alexandra Ellwood wrote:

> Is the CCAPI patch even in what went out in the Tiger security  
> update?  AFAICT, it's not, so perhaps the machines where it isn't  
> working have taken the update and the others have not.

No, it is. It looks like the Tiger security update combines the 4.2p1  
OpenSSH release, with the latest version of my GSSAPI patches. These  
patches included CCAPI support, but had a mistake where 'FILE:' was  
appended to the ccname when creating the environment variable for the  
ccache, rather than using 'API:'. You can get access to the delegated  
cache by either changing, or unsetting, your KRB5CCNAME shell variable

GssapiKeyExchange is also present, but is now hidden behind an option  
defaulting to off.


More information about the Kerberos mailing list