Problems connecting to Solaris 10 SSH fromGSSAPI-keyexpatchedOpenssh 4.2p1

Simon Wilkinson simon at
Mon Sep 26 14:15:19 EDT 2005

Henry B. Hotz wrote:
> When will those patches be available at your web site?
> <>

It's there now. In addition to updating the patch to the OpenSSH 4.2p1
release, this version of the patch also fixes a number of outstanding
bugs in the key exchange support. It also merges in changes from Sam
Hartman's Debian patch set - Thanks to Sam and Alexandra Ellwood for
sending me these, and to David Leonard for poiting out the rekeying issues.

   *) Implement GSS group exchange - this has been tested against Van
      Dyke's implementation.
   *) Disable DNS canonicalization of the hostname passed to the GSSAPI
      library - an option is provided to allow this to be overriden on a
      host by host basis.
   *) Fix the crash when connecting to a server which supports sending a
      hostkey as part of the GSSAPI key exchange.
   *) Make GSS rekeying work when privsep is enabled
   *) Fix incorrect naming of keyex userauth mechanism
   *) Fix client crash when doing key exchange with expired credentials
   *) Assorted buffer initialization fixes

This code also contains support for use the CCAPI under Darwin - this
has been lifted verbatim from Sam's patches. If there are any Darwin
users who could test this, that would be great.



More information about the krbdev mailing list