
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
http://bugzilla.mindrot.org/show_bug.cgi?id=928





------- Comment #3 from simon@sxw.org.uk 2006-09-11 00:04 -------
Created an attachment (id=1182)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1182&action=view)
Add new option to allow better operation on multi-homed hosts

This fix takes advantage of recent movements in both Heimdal
and MIT Kerberos to support the use of GSS_C_NO_CREDENTIALS to
indicate that any credential in the default keytab may be used to
accept connections on a multi-homed host.

The attached patch adds a new option, 'GSSAPIStrictAcceptorCheck',
which defaults to 'yes'. If it is disabled, then GSS_C_NO_CREDENTIALS
is used instead of the default acceptor credential. This relies on the
system administrator only having trusted server keys in
/etc/krb5.keytab - but if they haven't, they've lost anyway.

Note that this patch needs to be applied after the code tidy up patch
in bug #1225
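
The keytab caveat in the comment above can be checked mechanically. The following is an added example, not part of the original comment or of the attached patch: it reports keytab principals that deserve review when 'GSSAPIStrictAcceptorCheck' is disabled. The sample sshd_config fragment and the plain `klist -k` listing are constructed, and treating every non-`host/` principal as needing review is this example's own policy assumption.

```python
import re

# Constructed sample inputs (assumptions, not taken from the bug report).
SSHD_CONFIG = """\
# constructed sshd_config fragment
GSSAPIAuthentication yes
GSSAPIStrictAcceptorCheck no
"""
KLIST_K = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   3 host/ssh1.example.org@EXAMPLE.ORG
   3 host/ssh1-mgmt.example.org@EXAMPLE.ORG
   2 HTTP/www.example.org@EXAMPLE.ORG
"""

def strict_acceptor_check(config_text):
    """True unless the option is explicitly 'no' (the comment says it defaults to 'yes')."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config keywords are case-insensitive; first occurrence wins.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "gssapistrictacceptorcheck":
            return parts[1].strip().lower() != "no"
    return True

def keytab_principals(klist_text):
    """Extract principals from plain `klist -k` output (KVNO, then principal)."""
    found = []
    for line in klist_text.splitlines():
        m = re.match(r"\s*\d+\s+(\S+@\S+)\s*$", line)
        if m:
            found.append(m.group(1))
    return found

def principals_to_review(config_text, klist_text):
    """With the strict check off, any keytab key may accept a connection,
    so list every principal whose service component is not 'host'."""
    if strict_acceptor_check(config_text):
        return []
    return sorted({p for p in keytab_principals(klist_text)
                   if p.split("/", 1)[0].lower() != "host"})

if __name__ == "__main__":
    for p in principals_to_review(SSHD_CONFIG, KLIST_K):
        print("review keytab entry:", p)
```
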



