Mailing List Archive: OpenSSH and Kerberos V support...

OpenSSH and Kerberos V support...

Peter.Losher at iengines

Dec 8, 1999, 3:55 PM

Post #1 of 7 (1306 views)

> I have received a patch (attached) which adds Kerberos V support to
> OpenSSH. I recall some discussion about KRBV support on the list
> previously; it was mentioned that there was a problem in providing it
> in a manner compatible with the current KRBIV support.

Any status of these patches being implemented in the source tree yet?

Thanks - Peter

Re: OpenSSH and Kerberos V support... [ In reply to ]

Dec 8, 1999, 4:08 PM

Post #2 of 7 (1295 views)

Peter Losher wrote:
>
> > I have received a patch (attached) which adds Kerberos V support to
> > OpenSSH. I recall some discussion about KRBV support on the list
> > previously; it was mentioned that there was a problem in providing it
> > in a manner compatible with the current KRBIV support.
>
> Any status of these patches being implemented in the source tree yet?

Unfortunatly no.

There were questions regarding the exportability of the patches (they
were written in the USA) and the author eventually withdrew them.

Regards,
Damien Miller

Re: OpenSSH and Kerberos V support... [ In reply to ]

dugsong at monkey

Dec 8, 1999, 4:18 PM

Post #3 of 7 (1293 views)

On Thu, 9 Dec 1999, Damien Miller wrote:

> There were questions regarding the exportability of the patches (they
> were written in the USA) and the author eventually withdrew them.

that's funny - Tatu Ylonen managed to merge, and then redistribute Glenn
Machin's patch just fine for ssh-1.2.2x...

an earlier, license-unencumbered patch was already posted to this list, in
case a non-US programmer wants to give it a stab. Bjoern Groenvall
expressed some interest in doing this some time ago (for ossh, which was
the basis for OpenSSH)...

-d.

---
http://www.monkey.org/~dugsong/

Re: OpenSSH and Kerberos V support... [ In reply to ]

Dec 9, 1999, 8:19 AM

Post #4 of 7 (1293 views)

On Wed, 8 Dec 1999, Dug Song wrote:

> On Thu, 9 Dec 1999, Damien Miller wrote:
>
> > There were questions regarding the exportability of the patches (they
> > were written in the USA) and the author eventually withdrew them.
>
> that's funny - Tatu Ylonen managed to merge, and then redistribute Glenn
> Machin's patch just fine for ssh-1.2.2x...

We're consulting with our lawyers about the legality of exporting a U.S.
patch to add K5 support. Given that, I don't expect an answer right away.

=====================================================================
Mike Fisk | (505)667-5119 | MS B255
Network Engineering (CIC-5) | | Los Alamos National Lab
mfisk@lanl.gov | FAX: 665-7793 | Los Alamos, NM 87545

Re: OpenSSH and Kerberos V support... [ In reply to ]

Peter.Losher at nominum

May 6, 2000, 6:15 PM

Post #5 of 7 (1292 views)

<drags out REALLY OLD topic from the trash heap>

Was there ever any resolution to this (adding a patch for Krb6 support)?
(I would like to replace all the SSH daemons here with OpenSSH, but it's a
requirement that it be able to pass Krb5 tickets, etc.)

Best Wishes - Peter

On Thu, 9 Dec 1999, Mike Fisk wrote:

> On Wed, 8 Dec 1999, Dug Song wrote:
>
> > On Thu, 9 Dec 1999, Damien Miller wrote:
> >
> > > There were questions regarding the exportability of the patches (they
> > > were written in the USA) and the author eventually withdrew them.
> >
> > that's funny - Tatu Ylonen managed to merge, and then redistribute Glenn
> > Machin's patch just fine for ssh-1.2.2x...
>
> We're consulting with our lawyers about the legality of exporting a U.S.
> patch to add K5 support. Given that, I don't expect an answer right away.
>
> =====================================================================
> Mike Fisk | (505)667-5119 | MS B255
> Network Engineering (CIC-5) | | Los Alamos National Lab
> mfisk@lanl.gov | FAX: 665-7793 | Los Alamos, NM 87545
>
>

---
Peter Losher <Peter.Losher@nominum.com>
Systems Admin. - Nominum, Inc. PGP key available on request

Re: OpenSSH and Kerberos V support... [ In reply to ]

May 7, 2000, 6:47 AM

Post #6 of 7 (1302 views)

You have good timing. I just asked Theo (head of OpenBSD) and even with
the new US crypto laws, he still wants to keep US crypto code out of the
source. So that rules out the patch that LANL had.

On February 7, I forwarded to the openssh list a link to a patch to make
OpenSSH work with Heimdal. The auther appears to be in the Czech
Republic. However, I didn't see any reaction to it on the openssh list.
The patch still seems to be available at:
http://www.fi.muni.cz/~kouril/openssh-1.2.1pre24.patch

Many of us would greatly appreciate it if someone in the free world would
please produce a patch for the current version of OpenSSH and submit it to
OpenBSD.

Thanks,
--
Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National Lab
See http://home.lanl.gov/mfisk/ for contact information

Re: OpenSSH and Kerberos V support... [ In reply to ]

May 8, 2000, 4:13 PM

Post #7 of 7 (1297 views)

On Sun, 7 May 2000, Mike Fisk wrote:

> You have good timing. I just asked Theo (head of OpenBSD) and even with
> the new US crypto laws, he still wants to keep US crypto code out of the
> source. So that rules out the patch that LANL had.
>
> On February 7, I forwarded to the openssh list a link to a patch to make
> OpenSSH work with Heimdal. The auther appears to be in the Czech
> Republic. However, I didn't see any reaction to it on the openssh list.
> The patch still seems to be available at:
> http://www.fi.muni.cz/~kouril/openssh-1.2.1pre24.patch
>
> Many of us would greatly appreciate it if someone in the free world would
> please produce a patch for the current version of OpenSSH and submit it to
> OpenBSD

I think the OpenBSD developers would appreciate that too, as they are
include krb5 in their upcoming release.

If someone wants to clean up the above patch for the 2.0.0 beta then
I will consider adding it.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)