[36591] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

gssapi-with-mic vs gssapi-keyex SSH authentication difference?

daemon@ATHENA.MIT.EDU (Rufe Glick)
Fri Oct 31 13:39:02 2014

Date: Fri, 31 Oct 2014 13:38:35 -0400
From: Rufe Glick <rufe.glick@gmail.com>
Message-ID: <464331345.20141031133835@gmail.com>
To: Kerberos Mailing List <kerberos@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hello,

I have Kerberos infrastructure set up and GSSAPI enabled in ssh_config/sshd_config of the SSH client/server (GSSAPIAuthentication yes). When I connect to the SSH server using verbose mode I see that SSH client uses 'gssapi-with-mic' mode to authenticate itself. Then if I additionally enable 'GSSAPIKeyExchange yes' setting the SSH client prefers the 'gssapi-keyex' method to authenticate itself.

The questions are what does happen under the hood of both of these methods (in simple terms, please)? And what is the essential difference? Also what kind of keys do they exchange when 'gssapi-keyex' auth method is in use?

--
Best regards,
Rufe

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[36591] in Kerberos

gssapi-with-mic vs gssapi-keyex SSH authentication difference?

daemon@ATHENA.MIT.EDU (Rufe Glick)Fri Oct 31 13:39:02 2014

daemon@ATHENA.MIT.EDU (Rufe Glick)
Fri Oct 31 13:39:02 2014