Problems connecting to Solaris 10 SSH from GSSAPI-keyexpatchedOpenssh 4.2p1

Henry B. Hotz hotz at
Mon Sep 26 20:49:51 EDT 2005

Thanks!  I've been waiting for this.

On Sep 26, 2005, at 11:15 AM, Simon Wilkinson wrote:

> Henry B. Hotz wrote:
>> When will those patches be available at your web site?
>> <>
> It's there now. In addition to updating the patch to the OpenSSH 4.2p1
> release, this version of the patch also fixes a number of outstanding
> bugs in the key exchange support. It also merges in changes from Sam
> Hartman's Debian patch set - Thanks to Sam and Alexandra Ellwood for
> sending me these, and to David Leonard for poiting out the rekeying  
> issues.
>    *) Implement GSS group exchange - this has been tested against Van
>       Dyke's implementation.
>    *) Disable DNS canonicalization of the hostname passed to the GSSAPI
>       library - an option is provided to allow this to be overriden on  
> a
>       host by host basis.
>    *) Fix the crash when connecting to a server which supports sending  
> a
>       hostkey as part of the GSSAPI key exchange.
>    *) Make GSS rekeying work when privsep is enabled
>    *) Fix incorrect naming of keyex userauth mechanism
>    *) Fix client crash when doing key exchange with expired credentials
>    *) Assorted buffer initialization fixes
> This code also contains support for use the CCAPI under Darwin - this
> has been lifted verbatim from Sam's patches. If there are any Darwin
> users who could test this, that would be great.
> Cheers,
> Simon.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the krbdev mailing list