Bug 62985

Summary: Openssh kerberos patch requested
Product: [Retired] Red Hat Linux Reporter: Eric Seppanen <eds>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-02-04 13:00:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eric Seppanen 2002-04-08 21:37:59 UTC 
Openssh has limited, dated, and buggy support for Kerberos authentication.  For
some time a patch has been maintained by Simon Wilkinson at:

http://www.sxw.org.uk/computing/patches/openssh.html

This patch works very well and has been steadily maintained for some time.  At
the same time it would appear the little Kerberos code in Openssh is suffering
from bit-rot; it seems to be quite incomplete and buggy.  Simon's code seems
quite well respected on the openssh mailing list, but hasn't attracted the
critical mass to become a priority for inclusion into the main Openssh codebase.

I think this feature makes Openssh much more powerful: simple secure logins
across the network, without having to type a password, yet without any
user-managed keys that can be lost or compromised.

I would like to humbly suggest that Red Hat consider including Simon's patch
with your distributed version of openssh.
Comment 1 Eric Seppanen 2003-02-11 07:03:47 UTC 
Perhaps I'm being a pest, but since my earlier comments still apply (and
nobody's replied or changed the status from NEW), I'm bumping the version to 8.0.
Comment 2 Damien Miller 2003-04-04 09:53:38 UTC 
No, the patch is based upon an internet-draft which is still in flux. If and
when the draft stabilises, then we may consider adding it to core OpenSSH. Until
then it would be irresponsible to widely deploy it.
Comment 3 Tomas Mraz 2005-02-04 13:00:58 UTC 
Kerberos support is in the current releases.