Bug 62985 - Openssh kerberos patch requested
Openssh kerberos patch requested
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
8.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-04-08 17:37 EDT by Eric Seppanen
Modified: 2007-04-18 12:41 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-04 08:00:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eric Seppanen 2002-04-08 17:37:59 EDT
Openssh has limited, dated, and buggy support for Kerberos authentication.  For
some time a patch has been maintained by Simon Wilkinson at:

http://www.sxw.org.uk/computing/patches/openssh.html

This patch works very well and has been steadily maintained for some time.  At
the same time it would appear the little Kerberos code in Openssh is suffering
from bit-rot; it seems to be quite incomplete and buggy.  Simon's code seems
quite well respected on the openssh mailing list, but hasn't attracted the
critical mass to become a priority for inclusion into the main Openssh codebase.

I think this feature makes Openssh much more powerful: simple secure logins
across the network, without having to type a password, yet without any
user-managed keys that can be lost or compromised.

I would like to humbly suggest that Red Hat consider including Simon's patch
with your distributed version of openssh.
Comment 1 Eric Seppanen 2003-02-11 02:03:47 EST
Perhaps I'm being a pest, but since my earlier comments still apply (and
nobody's replied or changed the status from NEW), I'm bumping the version to 8.0.
Comment 2 Damien Miller 2003-04-04 04:53:38 EST
No, the patch is based upon an internet-draft which is still in flux. If and
when the draft stabilises, then we may consider adding it to core OpenSSH. Until
then it would be irresponsible to widely deploy it.
Comment 3 Tomas Mraz 2005-02-04 08:00:58 EST
Kerberos support is in the current releases.

Note You need to log in before you can comment on or make changes to this bug.