[28505] in Kerberos
Re: GSSAPI Key Exchange Patch for OpenSSH 4.7p1
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Fri Sep 28 17:40:44 2007
Date: Fri, 28 Sep 2007 16:40:23 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Douglas E. Engert" <deengert@anl.gov>
Message-ID: <20070928214023.GP11376@Sun.COM>
Mail-Followup-To: "Douglas E. Engert" <deengert@anl.gov>,
Simon Wilkinson <sxw@inf.ed.ac.uk>, heimdal-discuss@sics.se,
openssh-unix-dev@mindrot.org, kerberos@mit.edu
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <46FD7176.3020108@anl.gov>
Cc: openssh-unix-dev@mindrot.org, Simon Wilkinson <sxw@inf.ed.ac.uk>,
heimdal-discuss@sics.se, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, Sep 28, 2007 at 04:26:14PM -0500, Douglas E. Engert wrote:
> Sounds interesting. And yes, I would be interested in
> the cascading credentials delegation code. Does the
> delegation code depend on the key exchange code?
Protocol-wise, yes, it does.
There's two ways to use the GSS-API in SSHv2:
- userauth only, but this happens once at the start of the session, so
you can't delegate credentials after that
- key exchange (and optionally userauth), which can be done again and
again over the lifetime of the session
Nico
--
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos