GSSAPI Key Exchange Patch for OpenSSH 4.6p1

Simon Wilkinson sxw at inf.ed.ac.uk
Mon Mar 12 17:49:18 EDT 2007


Hi,

I'm pleased to announce the availability of my GSSAPI Key Exchange  
patch for OpenSSH 4.6p1.

This patch adds support for the RFC4462 GSSAPI key exchange  
mechanisms to OpenSSH, along with some minor fixes for the GSSAPI  
code that is already in the tree.

The patch implements:
   *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key  
exchange mechanisms. (#1242)
   *) Support for the null host key type (#1242)
   *) Support for CCAPI credentials caches on Mac OS X (#1245)
   *) Support for better error handling when an authentication  
exchange fails due to server misconfiguration (#1244)
   *) Better error reporting when using a GSSAPI library which  
supports multiple mechanisms (#1220)
   *) Support for GSSAPI connections to hosts behind a round-robin  
load balancer (#1008)
   *) Support for GSSAPI connections to multi-homed hosts, where each  
interface has a unique name (#928)
   *) Cleanup of GSSAPI code seperation between client and server.  
(#1225)

(bugzilla.mindrot.org bug numbers are in brackets)

The only change since the last release is a minor code fix.

As usual, the code is available from
http://www.sxw.org.uk/computing/patches/openssh.html

Cheers,

Simon.




More information about the Kerberos mailing list