[OpenAFS] New OpenSSH-3.7p1 removes AFS support

Alf Wachsmann alfw@SLAC.Stanford.EDU
Tue, 16 Sep 2003 10:29:03 -0700 (PDT)


On Tue, 16 Sep 2003, J Maynard Gelinas wrote:
>   This may be slightly off-topic for the OpenAFS list, but the latest
> OpenSSH-3.7p1 removes support for AFS, writing Kerberos 5 tickets to files
> (in memory now), and Kerberos 4. Since an exploit for all previous OpenSSH
> releases has just been announced, I'm somewhat confused about how to
> handle this mess. Can anyone suggest a solution for remote logins which
> supports SSH protocols 1 & 2, AFS and Kerberos, and builds properly on
> Redhat Linux 7.x?

We are patching the last version (3.6.1p2) of OpenSSH that still supports
AFS. The patch for this new bug is small enough to do this:
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h

-- Alf.

-----------------------------------------------------------------------
  Alf Wachsmann                       | e-mail: alfw@slac.stanford.edu
  SLAC Computing Service              | Phone:  +1-650-926-4802
  2575 Sand Hill Road, M/S 97         | FAX:    +1-650-926-3329
  Menlo Park, CA 94025, USA           | Office: Bldg. 50/323
-----------------------------------------------------------------------
                http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------