On Jan 25, 5:51 am, Simon Wilkinson <[email protected]> wrote: > Hi, > > I'm pleased to announce the availability of my GSSAPI Key Exchange > patch for OpenSSH 5.7p1. In addition to adding support for key > exchange, vital for enterprise users of SSH and Kerberos, it also adds > a number of other GSSAPI related features: > *) Cascading Credential Renewal - when enabled, credentials > renewed on your local workstation are automatically forwarded to hosts > which you have logged in to. > *) Load balancer support - GSSAPI connections are now supported to > hosts behind a round-robin DNS load balancer > *) Multi-homed host support - GSSAPI connections can be performed > to hosts where each interface has a unique name > *) Identity selection - the client and server identity can be > selected, increasing flexibility in complex authentication scenarios. > > The latest version of the code is available from the git repository > athttps://github.com/SimonWilkinson/gss-openssh/ > > Patches can be downloaded > fromhttp://www.sxw.org.uk/computing/patches/openssh.html > > The only changes in this release are those necessary for the patch to > apply to the 5.7p1 tree. > > Cheers, > > Simon.
Hi Simon Are there any guidelines around the round-robin DNS load balancer support. I went through the changelog and the history but could not find any details. Is there anything more to it than using GSSAPIStrictAcceptCheck along with a properly configured keytab file on the systems behind the load balancer (what I've been doing so far). Any details will be very helpful. Thanks. Borislav ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
