[OpenAFS] New OpenSSH-3.7p1 removes AFS support
Alf Wachsmann
alfw@SLAC.Stanford.EDU
Tue, 16 Sep 2003 10:29:03 -0700 (PDT)
On Tue, 16 Sep 2003, J Maynard Gelinas wrote:
> This may be slightly off-topic for the OpenAFS list, but the latest
> OpenSSH-3.7p1 removes support for AFS, writing Kerberos 5 tickets to files
> (in memory now), and Kerberos 4. Since an exploit for all previous OpenSSH
> releases has just been announced, I'm somewhat confused about how to
> handle this mess. Can anyone suggest a solution for remote logins which
> supports SSH protocols 1 & 2, AFS and Kerberos, and builds properly on
> Redhat Linux 7.x?
We are patching the last version (3.6.1p2) of OpenSSH that still supports
AFS. The patch for this new bug is small enough to do this:
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h
-- Alf.
-----------------------------------------------------------------------
Alf Wachsmann | e-mail: alfw@slac.stanford.edu
SLAC Computing Service | Phone: +1-650-926-4802
2575 Sand Hill Road, M/S 97 | FAX: +1-650-926-3329
Menlo Park, CA 94025, USA | Office: Bldg. 50/323
-----------------------------------------------------------------------
http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------