Problems connecting to Solaris 10 SSH fromGSSAPI-keyexpatchedOpenssh 4.2p1
Simon Wilkinson
simon at sxw.org.uk
Mon Sep 26 14:15:19 EDT 2005
Henry B. Hotz wrote:
> When will those patches be available at your web site?
>
> <http://www.sxw.org.uk/computing/patches/openssh.html>
It's there now. In addition to updating the patch to the OpenSSH 4.2p1
release, this version of the patch also fixes a number of outstanding
bugs in the key exchange support. It also merges in changes from Sam
Hartman's Debian patch set - Thanks to Sam and Alexandra Ellwood for
sending me these, and to David Leonard for poiting out the rekeying issues.
*) Implement GSS group exchange - this has been tested against Van
Dyke's implementation.
*) Disable DNS canonicalization of the hostname passed to the GSSAPI
library - an option is provided to allow this to be overriden on a
host by host basis.
*) Fix the crash when connecting to a server which supports sending a
hostkey as part of the GSSAPI key exchange.
*) Make GSS rekeying work when privsep is enabled
*) Fix incorrect naming of keyex userauth mechanism
*) Fix client crash when doing key exchange with expired credentials
*) Assorted buffer initialization fixes
This code also contains support for use the CCAPI under Darwin - this
has been lifted verbatim from Sam's patches. If there are any Darwin
users who could test this, that would be great.
Cheers,
Simon.
More information about the krbdev
mailing list