[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Future of kerberised telnet, login, rsh, ftp?

Donn Cave wrote:

> On Jul 5, 2005, at 7:07 PM, Russ Allbery wrote:
> [... re ssh supplanting telnet/ftp ...]
>> I would hope that it could eventually, but OpenSSH's GSSAPI support is
>> currently not sufficient to allow it to do so.  For so long as one  needs
>> third-party patches to OpenSSH for adequate Kerberos support, I don't
>> think that we're ready to live in that world.

I believe with version OpenSSH-4.1p1 there are no third party patches needed.
(Unless there is no PAM support.) We have been able to use the
pam session routines to get AFS tokens from delegated gssapi credentials
as well as from pam authentication.

So what patches do people still believe are needed?

> And that's just one ssh implementation.  Has anyone
> heard rumors of movement towards the "adequate"
> brand of GSSAPI support in ssh.com's implementation?

Don't know about ssh.com, But SecureCRT and PuTTY (with patches)
works well with OpenSSH and Kerberos.

> I can't really defend the choice to use ssh.com, but in
> practice it's significant enough to make it even less
> realistic to call SSH2 a Kerberos option.
>     Donn Cave, donn@u.washington.edu
> _______________________________________________
> krbdev mailing list             krbdev@mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev


  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444