Bug in Sam's OpenSSH patches?

Sam Hartman hartmans at MIT.EDU
Wed Apr 13 15:37:36 EDT 2005

>>>>> "Simon" == Simon Wilkinson <sxw at sxw.org.uk> writes:

    Simon> Henry B. Hotz wrote:
    >> I D/L'd and built on MacOS 10.3.  Tried client against Solaris
    >> 10 server.  It works without any keys in the known_hosts file,
    >> but it uses gssapi-with-mic for the userauth method instead of
    >> gssapi-keyex.

    Simon> Sam's Debian package appears to contain an older version of
    Simon> my patches for doing key exchange with OpenSSH. These
    Simon> patches don't support gssapi-keyex. The new gssapi-keyex
    Simon> method is a fairly recent replacement for the flawed
    Simon> external-keyex user auth mechanism.

    Simon> I do have patches to implement both gssapi-keyex, and the
    Simon> new GSSAPI Diffie Hellman group exchange mechanisms, which
    Simon> I'd be happy to give to those who want.

Yes.  I needed something that supported gssapi-with-mic, and you
didn't have it on your site and were not responding to email so I went
ahead and implemented something.

If you have something more modern I should be using I'd be happy to

More information about the krbdev mailing list