[33155] in Kerberos
Re: Announce: GSSAPI Key Exchange Patch for OpenSSH 5.7p1
daemon@ATHENA.MIT.EDU (Borislav_S)
Thu Jan 27 14:04:11 2011
From: Borislav_S <borislav.stoichkov@gmail.com>
Date: Wed, 26 Jan 2011 19:20:30 -0800 (PST)
Message-ID: <a59ec6d4-2377-4f9e-a60e-b53becd6b460@h16g2000yqh.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Jan 25, 5:51 am, Simon Wilkinson <s...@inf.ed.ac.uk> wrote:
> Hi,
>
> I'm pleased to announce the availability of my GSSAPI Key Exchange
> patch for OpenSSH 5.7p1. In addition to adding support for key
> exchange, vital for enterprise users of SSH and Kerberos, it also adds
> a number of other GSSAPI related features:
> *) Cascading Credential Renewal - when enabled, credentials
> renewed on your local workstation are automatically forwarded to hosts
> which you have logged in to.
> *) Load balancer support - GSSAPI connections are now supported to
> hosts behind a round-robin DNS load balancer
> *) Multi-homed host support - GSSAPI connections can be performed
> to hosts where each interface has a unique name
> *) Identity selection - the client and server identity can be
> selected, increasing flexibility in complex authentication scenarios.
>
> The latest version of the code is available from the git repository athttps://github.com/SimonWilkinson/gss-openssh/
>
> Patches can be downloaded fromhttp://www.sxw.org.uk/computing/patches/openssh.html
>
> The only changes in this release are those necessary for the patch to
> apply to the 5.7p1 tree.
>
> Cheers,
>
> Simon.
Hi Simon
Are there any guidelines around the round-robin DNS load balancer
support. I went through the changelog and the history but could not
find any details. Is there anything more to it than using
GSSAPIStrictAcceptCheck along with a properly configured keytab file
on the systems behind the load balancer (what I've been doing so far).
Any details will be very helpful. Thanks.
Borislav
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
