GSSAPI Key Exchange Patch for OpenSSH 4.7p1
Nicolas Williams
Nicolas.Williams at sun.com
Fri Sep 28 17:40:23 EDT 2007
On Fri, Sep 28, 2007 at 04:26:14PM -0500, Douglas E. Engert wrote:
> Sounds interesting. And yes, I would be interested in
> the cascading credentials delegation code. Does the
> delegation code depend on the key exchange code?
Protocol-wise, yes, it does.
There's two ways to use the GSS-API in SSHv2:
- userauth only, but this happens once at the start of the session, so
you can't delegate credentials after that
- key exchange (and optionally userauth), which can be done again and
again over the lifetime of the session
Nico
--
More information about the Kerberos
mailing list