[OpenAFS-devel] New OpenSSH

Douglas E. Engert deengert@anl.gov
Thu, 26 Feb 2004 13:11:56 -0600


Simon Wilkinson wrote:
> 
> Garrett Wollman wrote:
> > <<On Wed, 25 Feb 2004 00:02:31 +0000 (GMT), sxw@inf.ed.ac.uk said:
> >
> >
> >>Also note that gssapi-with-mic is incompatible with the 'gssapi' userauth
> >>authentication method in 3.7, and earlier in my patches. There is also no
> >>support for GSSAPI key exchange.
> >
> >
> > So those of us who depend on this are still stuck with 3.6p1?
> 
> You're stuck with patched 3.6p1 until such time as patches are made
> available for 3.8 :-) These are being worked on, but time is in short
> supply at present. Note that the I-D has changed since the patches for
> 3.6p1, and a new method of verifying the key exchange is now used (the
> previous method was vulnerable to MITM attacks)

I have some mods to 3.8 (which I have sent to Simon) to recognize selected
older versions of 3.6, and use the gssapi rather then gssapi-with-mic. 
They during a conversion. As I too am waiting for Simon's next set of 
patches.

If you are really desperate contact me offline.

> 
> Cheers,
> 
> Simon.
> 
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444