Bug in Sam's OpenSSH patches?
Simon Wilkinson
sxw at sxw.org.uk
Wed Apr 13 07:34:51 EDT 2005
Henry B. Hotz wrote:
> I D/L'd and built on MacOS 10.3. Tried client against Solaris 10 server.
>
> It works without any keys in the known_hosts file, but it uses
> gssapi-with-mic for the userauth method instead of gssapi-keyex.
Sam's Debian package appears to contain an older version of my patches
for doing key exchange with OpenSSH. These patches don't support
gssapi-keyex. The new gssapi-keyex method is a fairly recently
replacement for the flawed external-keyex user auth mechanism.
I do have patches to implement both gssapi-keyex, and the new GSSAPI
Diffie Hellman group exchange mechanisms, which I'd be happy to give to
those who want.
Cheers,
Simon.
More information about the krbdev
mailing list