GSSAPI Key Exchange patches for OpenSSH 4.3p2
Simon Wilkinson
simon at sxw.org.uk
Mon Mar 6 07:40:26 EST 2006
Patches supporting GSSAPI Key Exchange in OpenSSH 4.3p2 are now
available from http://www.sxw.org.uk/computing/patches/openssh.html
These patches add support for performing GSSAPI key exchange to the
OpenSSH client and server. Whilst OpenSSH contains support for using
GSSAPI in the user authentication step, this is inadequate for many
sites, as it doesn't provide a mechanism for using GSSAPI/Kerberos to
verify the server's identity to the user. Using GSSAPI key exchange uses
Kerberos to validate the servers identity, and can eliminate the need to
maintain known hosts files of server public keys across your site.
These patches also contain a number of improvements as a result of
resyncing against the Debian patch set, including:
*) Support for the CCAPI on Darwin
*) Support for the Security Session API on Darwin
*) Support for not counting failures due to bad server configuration
against the clients number of permitted authentication attempts
Thanks to Sam Hartman, Alexandra Ellwood and Harald Barth
Cheers,
Simon.
More information about the Kerberos
mailing list