Bug in Sam's OpenSSH patches?

Simon Wilkinson sxw at sxw.org.uk
Wed Apr 13 16:47:42 EDT 2005

Sam Hartman wrote:

> Yes.  I needed something that supported gssapi-with-mic, and you
> didn't have it on your site and were not responding to email so I went
> ahead and implemented something.

Sorry, I must have missed that mail. I have been somewhat tardy about 
uploading new versions of the OpenSSH patches - it took a while to 
untangle them again after merging the userauth code into OpenSSH.

> If you have something more modern I should be using I'd be happy to
> upgrade.

I've finally got around to producing a patch set for 4.0p1. This both 
contains support for key-exchange, and adds support for the gssapi-keyex 
userauth mechanism (which avoids the double authentication steps that 
started this entire discussion!)


I've also uploaded the backwards compatibility patch that I posted to 
the OpenSSH list a while back - this adds an option to enable the old 
'gssapi' mechanism, which is vulnerable to a MITM attack under certain 
circumstances. This is at




More information about the krbdev mailing list