Bug in Sam's OpenSSH patches?
Jeffrey Altman
jaltman at secure-endpoints.com
Wed Apr 13 10:19:55 EDT 2005
Please share.
Jeffrey Altman
Simon Wilkinson wrote:
> Henry B. Hotz wrote:
>
>> I D/L'd and built on MacOS 10.3. Tried client against Solaris 10
>> server.
>>
>> It works without any keys in the known_hosts file, but it uses
>> gssapi-with-mic for the userauth method instead of gssapi-keyex.
>
>
> Sam's Debian package appears to contain an older version of my patches
> for doing key exchange with OpenSSH. These patches don't support
> gssapi-keyex. The new gssapi-keyex method is a fairly recently
> replacement for the flawed external-keyex user auth mechanism.
>
> I do have patches to implement both gssapi-keyex, and the new GSSAPI
> Diffie Hellman group exchange mechanisms, which I'd be happy to give
> to those who want.
>
> Cheers,
>
> Simon.
>
>
>
>
> .
>
More information about the krbdev
mailing list