Bug in Sam's OpenSSH patches?

Simon Wilkinson sxw at sxw.org.uk
Wed Apr 13 07:34:51 EDT 2005

Henry B. Hotz wrote:

> I D/L'd and built on MacOS 10.3.  Tried client against Solaris 10  server.
> It works without any keys in the known_hosts file, but it uses  
> gssapi-with-mic for the userauth method instead of gssapi-keyex.

Sam's Debian package appears to contain an older version of my patches 
for doing key exchange with OpenSSH. These patches don't support 
gssapi-keyex. The new gssapi-keyex method is a fairly recently 
replacement for the flawed external-keyex user auth mechanism.

I do have patches to implement both gssapi-keyex, and the new GSSAPI 
Diffie Hellman group exchange mechanisms, which I'd be happy to give to 
those who want.



More information about the krbdev mailing list