Ondřej Velíšek
2018-08-31 16:51:33 UTC
Hey there,
I'm suffering with integration of new GSSAPI mechanism to OpenSSH. Its
a diploma thesis which part is to proof working of new authentication
mechanism with ssh.
What I do not understand is how SSH is choosing the final mechanism to
use. It has just yes/no option in config. Does OpenSSH have a general
support of GSSAPI?
Or lets reduce it to more common question. What is a recomended way to
use different implementation of Kerberos? (Heimdal, Shishi).
I know there is 'tool' implemented in MIT Kerberos called mechglue.
Which makes possible to configure multiple mechanisms.
However if I understand it correctly, application (SSH) needs to tell
mechglue that it want to use different mechanism than default
(mit_krb).
So again, I would need to configre OpenSSH. I would expect to have
somewhere option to configure /path/to/libgssapi_mylib.so. Am I
missing something?
Thank you and have a beautiful day
Ondrej
I'm suffering with integration of new GSSAPI mechanism to OpenSSH. Its
a diploma thesis which part is to proof working of new authentication
mechanism with ssh.
What I do not understand is how SSH is choosing the final mechanism to
use. It has just yes/no option in config. Does OpenSSH have a general
support of GSSAPI?
Or lets reduce it to more common question. What is a recomended way to
use different implementation of Kerberos? (Heimdal, Shishi).
I know there is 'tool' implemented in MIT Kerberos called mechglue.
Which makes possible to configure multiple mechanisms.
However if I understand it correctly, application (SSH) needs to tell
mechglue that it want to use different mechanism than default
(mit_krb).
So again, I would need to configre OpenSSH. I would expect to have
somewhere option to configure /path/to/libgssapi_mylib.so. Am I
missing something?
Thank you and have a beautiful day
Ondrej