Bug in Sam's OpenSSH patches?
jhutz at cmu.edu
Wed Apr 13 17:13:03 EDT 2005
On Wednesday, April 13, 2005 09:47:42 PM +0100 Simon Wilkinson
<sxw at sxw.org.uk> wrote:
> Sam Hartman wrote:
>> Yes. I needed something that supported gssapi-with-mic, and you
>> didn't have it on your site and were not responding to email so I went
>> ahead and implemented something.
> Sorry, I must have missed that mail. I have been somewhat tardy about
> uploading new versions of the OpenSSH patches - it took a while to
> untangle them again after merging the userauth code into OpenSSH.
>> If you have something more modern I should be using I'd be happy to
> I've finally got around to producing a patch set for 4.0p1. This both
> contains support for key-exchange, and adds support for the gssapi-keyex
> userauth mechanism (which avoids the double authentication steps that
> started this entire discussion!)
> I've also uploaded the backwards compatibility patch that I posted to the
> OpenSSH list a while back - this adds an option to enable the old
> 'gssapi' mechanism, which is vulnerable to a MITM attack under certain
> circumstances. This is at
Thank you, Simon. This work will let me (finally!) deploy code at my site
that actually implements the draft I co-authored.
More information about the krbdev