Announce: GSSAPI Key Exchange Patch for OpenSSH 5.7p1
Borislav_S
borislav.stoichkov at gmail.com
Wed Jan 26 22:20:30 EST 2011
On Jan 25, 5:51 am, Simon Wilkinson <s... at inf.ed.ac.uk> wrote:
> Hi,
>
> I'm pleased to announce the availability of my GSSAPI Key Exchange
> patch for OpenSSH 5.7p1. In addition to adding support for key
> exchange, vital for enterprise users of SSH and Kerberos, it also adds
> a number of other GSSAPI related features:
> *) Cascading Credential Renewal - when enabled, credentials
> renewed on your local workstation are automatically forwarded to hosts
> which you have logged in to.
> *) Load balancer support - GSSAPI connections are now supported to
> hosts behind a round-robin DNS load balancer
> *) Multi-homed host support - GSSAPI connections can be performed
> to hosts where each interface has a unique name
> *) Identity selection - the client and server identity can be
> selected, increasing flexibility in complex authentication scenarios.
>
> The latest version of the code is available from the git repository athttps://github.com/SimonWilkinson/gss-openssh/
>
> Patches can be downloaded fromhttp://www.sxw.org.uk/computing/patches/openssh.html
>
> The only changes in this release are those necessary for the patch to
> apply to the 5.7p1 tree.
>
> Cheers,
>
> Simon.
Hi Simon
Are there any guidelines around the round-robin DNS load balancer
support. I went through the changelog and the history but could not
find any details. Is there anything more to it than using
GSSAPIStrictAcceptCheck along with a properly configured keytab file
on the systems behind the load balancer (what I've been doing so far).
Any details will be very helpful. Thanks.
Borislav
More information about the Kerberos
mailing list