[28505] in Kerberos

home help back first fref pref prev next nref lref last post

Re: GSSAPI Key Exchange Patch for OpenSSH 4.7p1

daemon@ATHENA.MIT.EDU (Nicolas Williams)
Fri Sep 28 17:40:44 2007

Date: Fri, 28 Sep 2007 16:40:23 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Douglas E. Engert" <deengert@anl.gov>
Message-ID: <20070928214023.GP11376@Sun.COM>
Mail-Followup-To: "Douglas E. Engert" <deengert@anl.gov>,
	Simon Wilkinson <sxw@inf.ed.ac.uk>, heimdal-discuss@sics.se,
	openssh-unix-dev@mindrot.org, kerberos@mit.edu
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <46FD7176.3020108@anl.gov>
Cc: openssh-unix-dev@mindrot.org, Simon Wilkinson <sxw@inf.ed.ac.uk>,
   heimdal-discuss@sics.se, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Fri, Sep 28, 2007 at 04:26:14PM -0500, Douglas E. Engert wrote:
> Sounds interesting. And yes,  I would be interested in
> the cascading credentials delegation code. Does the
> delegation code depend on the key exchange code?

Protocol-wise, yes, it does.

There's two ways to use the GSS-API in SSHv2:

 - userauth only, but this happens once at the start of the session, so
   you can't delegate credentials after that

 - key exchange (and optionally userauth), which can be done again and
   again over the lifetime of the session

Nico
-- 
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post