Bug in Sam's OpenSSH patches?
Henry B. Hotz
hotz at jpl.nasa.gov
Wed Apr 13 17:48:34 EDT 2005
Thanks, Simon! I'm sure I'm not the only one happy to get the latest
version.
And Nico, I appreciate you're confirming my read of the debug printout.
I *was* happy! ;-)) I did get a connection all the way through
without any questions. Just confused because it didn't happen the way
I expected.
On Apr 13, 2005, at 1:47 PM, Simon Wilkinson wrote:
> I've finally got around to producing a patch set for 4.0p1. This both
> contains support for key-exchange, and adds support for the
> gssapi-keyex userauth mechanism (which avoids the double
> authentication steps that started this entire discussion!)
>
> http://www.sxw.org.uk/computing/patches/openssh-4.0p1-gssapikex.patch
>
> I've also uploaded the backwards compatibility patch that I posted to
> the OpenSSH list a while back - this adds an option to enable the old
> 'gssapi' mechanism, which is vulnerable to a MITM attack under certain
> circumstances. This is at
>
> http://www.sxw.org.uk/computing/patches/openssh-3.8p1-gssapimitm.patch
>
> Cheers,
>
> Simon.
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list