
Bug#128888: ITP: ssh-krb5 - A version of OpenSSH patched to support Kerberos Authentication



package: wnpp
severity: wishlist

Hi.  As discussed below, I intend to package OpenSSH using the current
Debian sources with patches to allow krb5 authentication.  I will use
the patches available at
http://www.sxw.org.uk/computing/patches/openssh.html.  These patches
attempt to comply with draft-ietf-secsh-gss-keyex along with some of
the more common other types of Kerberos authentication.

The Kerberos packaging will follow guidelines agreed on by Debian
kerberos package maintainers and included in
/usr/share/doc/krb5-config/packaging-guidelines.txt.gz.  The package
will likely build with either Heimdal or MIT Kerberos, although the
version uploaded to non-us will be compiled against MIT Kerberos.

Below is previous discussion on this package attempting to justify the
need for yet another ssh package in Debian.



--- Begin Message ---
Hi.  I sent mail to ssh@packages.debian.org about this a while back.
I heard no response.  It is my intent to ITP ssh-krb5 as a package at
priority extra that conflicts with the existing ssh.  I will probably
store configuration files in /etc/ssh rather than /etc/ssh-krb5
because I believe that some time after woody releases we will be able
to get these changes folded into OpenSSH upstream and then hopefully
into the main Debian ssh packages.

This is a heads up for the Kerberos and Ssh community in Debian.





--- Begin Message ---

So I suspect I'm not the only one on this list that would like
Kerberized ssh in Debian.  However ssh is somewhat of a moving target;
here are the things we probably want to support:

* The ssh.com sshv1 Kerberos5 protocol (used by MIT among others)
* The ssh Kerberos4 protocol (used by CMU and others) (Is this the
    same as the krb4 in openssh?)
* draft-ietf-secsh-gss-keyex (standards track protocol)
* The krb5 support in sxw's patches to Openssh 2.5.2 (does anyone use
    this?  no would be a really really convenient answer)

I propose that I talk to the ssh maintainer and get permission to ITP
an ssh-krb5 that supports the first three listed protocols.  I believe
code will exist to do that fairly soon.  I'd rather do that than fold
in Kerberos support because it is so much of a moving target right now
and because it would be asking the ssh maintainer to maintain a lot of
third-party patches.


Reasonable?

_______________________________________________
Debian-kerberos mailing list
Debian-kerberos@mekinok.com
http://mailman.boxedpenguin.com/mailman/listinfo/debian-kerberos

--- End Message ---

--- End Message ---
