Ubuntu
openssh package

[PATCH] Kerberos support in OpenSSH by default

Bug #36206 reported by Andrew J. Forgue on 2005-07-15

Affects		Status	Importance	Assigned to	Milestone
	openssh (Ubuntu)	Fix Released	Wishlist	Colin Watson

Bug Description

To support the <a
href="http://udu.wiki.ubuntu.com/KerberizingUbuntu">KerberizingUbuntu</a> on the
UDU wiki, here's a patch to support GSSAPI (gssapi-with-mic). It doesn't apply
the patch to the udebs (AFAICT).

Revision history for this message

Andrew J. Forgue (forgue) wrote on 2005-07-15:

GSSAPI/Kerberos support to ssh Edit (3.2 KiB, text/plain)

Created an attachment (id=3008)
GSSAPI/Kerberos support to ssh

Sorry, I didn't think bugzilla auto linked URLs.

Revision history for this message

Colin Watson (cjwatson) wrote on 2005-09-14:

This patch is insufficient for many Kerberos users; I'm told that the GSSAPI key
exchange patch is also needed.

In any event, I've recently been working with Stephen Frost to get this sorted
out in Debian, and that's now done in openssh 1:4.2p1-2. That's too late for
Ubuntu 5.10, but we'll get this in Ubuntu 6.04.

Revision history for this message

Colin Watson (cjwatson) wrote on 2005-10-31:

openssh 1:4.2p1-5ubuntu1 uploaded to dapper, fixing this:

openssh (1:4.2p1-2) unstable; urgency=low

  * Annotate 1:4.2p1-1 changelog with CVE references.
  * Add remaining pieces of Kerberos support (closes: #152657, #275472):
    - Add GSSAPI key exchange support from
      http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen
      Frost).
    - Build-depend on libkrb5-dev and configure --with-kerberos5=/usr.
    - openssh-client and openssh-server replace ssh-krb5.
    - Update commented-out Kerberos/GSSAPI options in default sshd_config.
    - Fix HAVE_GSSAPI_KRB5_H/HAVE_GSSAPI_GSSAPI_KRB5_H typos in
      gss-serv-krb5.c.