[28652] in Kerberos
Re: SSH1 - gss-api - kerberos - java
daemon@ATHENA.MIT.EDU (Ranga Samudrala)
Fri Nov 2 17:20:28 2007
In-Reply-To: <20071102210402.GX11498@Sun.COM>
Mime-Version: 1.0 (Apple Message framework v752.3)
Message-Id: <6E570B65-DE2A-40F0-9D33-F42C1577A0B9@bmc.com>
From: Ranga Samudrala <Ranga_Samudrala@bmc.com>
Date: Fri, 2 Nov 2007 17:20:37 -0400
To: Nicolas Williams <Nicolas.Williams@sun.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I have no control over the version of SSH we have to use. I am trying
to support a client whose Kerberized SSH servers are v1.5-1.2.26
(which is very bad) and have been hacked to communicate using GSS-
API. So, I am looking to see how I can come up with an SSH1 client
that talks GSS-API.
Ranga Samudrala
On Nov 2, 2007, at 5:04 PM, Nicolas Williams wrote:
> On Fri, Nov 02, 2007 at 04:42:56PM -0400, Ranga Samudrala wrote:
>> I am trying to develop a Java SSH client targeting a version of
>> Kerberised SSH1 server talking GSS-API. Does anybody know of anybody
>> else dealing with this scenario? Is there a place I can find SSH1
>> Java API that support communication using GSS-API?
>
> The "Kerberized SSHv1" that floated about some time back is really not
> something that you want to use. Besides being non-standard, there
> were
> issues with it (I don't recall the details). Also, it does not use
> the
> GSS-API, so you'd need a Java implementation of raw Kerberos. You
> could
> probably use the underlying raw Kerberos V implementation in JGSS, but
> you may have to hack on the [fortunately now open source] JDK.
>
> I urge you to upgrade to SSHv2.
>
> Nico
> --
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
