On Thursday 20 December 2001 21:55, Douglas E. Engert wrote: > I would like to complement you on the excellent GSSAPI mods for > OPenSSH-2.9p2.
Thanks - I'm glad that they have been of use to people! > In the meantime to get away from ssh-1.2.* we need a common > Kerberos type method across all the platforms, and so have modified > the openssh-2.9p2 GSSAPI mods for sshv2 to also work with the older > sshv1 GSSAPI mods, and allow for a transition from ssh-1.2.* to > openssh using sshv1, then to openssh sshv2. Could you elaborate (privately if necessary) on what these modifications involved? > So I would like to encourage you to update your GSSAPI mods in line > with the IETF drafts for openssh-3.0.2. Any idea when these might be > available? Patches for openssh-3.0.2 should be available shortly (tomorrow, if all goes to plan). These modifications implement all of the required elements of version 2 of the GSSAPI draft, the only unimplemented aspect is using GSSAPI to secure the exchange of SSH public keys. It would be nice to add this, but I'm trying to limit my interactions with the rest of the OpenSSH code, in the hope that this will increase the likelihood of the patches being accepted. Things are complicated slightly by interdependencies between the GSSAPI patches for protocol v2, and the patches I've written for Kerberos support in protocol v1. I'm currently maintaining these seperately, so as to make it easier for them to be merged into the OpenSSH distribution. Cheers, Simon
