Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kerberos Support In OpenSSH

Posted by Hemos on from the broader-support-a-good-thing dept.

Dan writes "Marshall Vale writes on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Marshall says that Kerberos support within OpenSSH may be incomplete and needs more work. In particular, implementing draft-ietf-secsh-gsskeyex in addition to any other Kerberos mechanisms will better serve the needs of Kerberos community. Secondly, he says that they would like to reduce user confusion associated with all of the different options for Kerberos and SSH. He suggests adoption of the GSSAPI key exchange mechanism in the IETF draft (which uses Kerberos to authenticate both parties to each other), in order to avoid man-in-the-middle attacks."

1 of 122 comments (clear)

  1. Well that's a start ... but ... by SuperDuG · · Score: 0, Redundant
    OpenSSH is named Open for good reason. It's Open Sourced! The great thing about it is that you can go ahead and put kerberos support in at any time you want and re-release it. I'm not quite sure what license OpenSSH runs on (guessing BSD, but to lazy to confirm), but you might even be able to release binary only versions and make some dough off of it all as well.

    Sorta just food for thought.

    --
    Ignore the "p2p is theft" trolls, they're just uninformed