[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#328388: openssh-client: please support servers running old GSSAPI code

On Wed, Sep 14, 2005 at 09:21:53PM -0400, Aaron M. Ucko wrote:
> Package: openssh-client
> Version: 1:4.2p1-2
> Severity: normal
> Tags: patch
> 
> Given that openssh-krb5 is frequently several upstream versions
> behind, I am glad to see that the "vanilla" openssh packages now have
> sxw's patch applied and GSSAPI enabled; thanks for going ahead with
> that!

Thank Stephen Frost for (at my request) nagging me until I did it, too.
:-)

> However, I have found that ssh needs a small additional patch
> (attached) in order to work properly with servers sporting older
> versions of the GSSAPI patch, which deal in untagged OIDs and use a
> slightly different name for the authentication method.  I suspect that
> an analogous patch would be necessary to allow newer servers to
> support older clients, but I can't test that combination so readily,
> and I'd argue that that's less important on the grounds that it's no
> harder for users to deploy newer clients than for them to get their
> sysadmins to deploy newer servers.
> 
> Anyway, here's the patch, lifted from openssh-krb5:

OK. This patch looks fine, and I've applied it, except that in
input_gssapi_response it never initialised oidv_free to anything. I've
fixed that up in the obvious way.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to: