Bug in Sam's OpenSSH patches?
Sam Hartman
hartmans at MIT.EDU
Wed Apr 13 15:37:36 EDT 2005
>>>>> "Simon" == Simon Wilkinson <sxw at sxw.org.uk> writes:
Simon> Henry B. Hotz wrote:
>> I D/L'd and built on MacOS 10.3. Tried client against Solaris
>> 10 server. It works without any keys in the known_hosts file,
>> but it uses gssapi-with-mic for the userauth method instead of
>> gssapi-keyex.
Simon> Sam's Debian package appears to contain an older version of
Simon> my patches for doing key exchange with OpenSSH. These
Simon> patches don't support gssapi-keyex. The new gssapi-keyex
Simon> method is a fairly recently replacement for the flawed
Simon> external-keyex user auth mechanism.
Simon> I do have patches to implement both gssapi-keyex, and the
Simon> new GSSAPI Diffie Hellman group exchange mechanisms, which
Simon> I'd be happy to give to those who want.
Yes. I needed something that supported gssapi-with-mic, and you
didn't have it on your site and were not responding to email so I went
ahead and implemented something.
If you have something more modern I should be using I'd be happy to
upgrade.
More information about the krbdev
mailing list