Announce: GSSAPI Key Exchange Patch for OpenSSH 5.7p1

Borislav_S borislav.stoichkov at
Wed Jan 26 22:20:30 EST 2011

On Jan 25, 5:51 am, Simon Wilkinson <s... at> wrote:
> Hi,
> I'm pleased to announce the availability of my GSSAPI Key Exchange  
> patch for OpenSSH 5.7p1. In addition to adding support for key  
> exchange, vital for enterprise users of SSH and Kerberos, it also adds  
> a number of other GSSAPI related features:
>     *) Cascading Credential Renewal - when enabled, credentials  
> renewed on your local workstation are automatically forwarded to hosts  
> which you have logged in to.
>     *) Load balancer support - GSSAPI connections are now supported to
> hosts behind a round-robin DNS load balancer.
>     *) Multi-homed host support - GSSAPI connections can be performed  
> to hosts where each interface has a unique name
>     *) Identity selection - the client and server identity can be  
> selected, increasing flexibility in complex authentication scenarios.
> The latest version of the code is available from the git repository at
> Patches can be downloaded from
> The only changes in this release are those necessary for the patch to  
> apply to the 5.7p1 tree.
> Cheers,
> Simon.

Hi Simon

Are there any guidelines around the round-robin DNS load balancer
support? I went through the changelog and the history but could not
find any details. Is there anything more to it than using
GSSAPIStrictAcceptCheck along with a properly configured keytab file
on the systems behind the load balancer (what I've been doing so far)?
Any details will be very helpful. Thanks.

