1. 19 Mar, 2014 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 429c595d
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2014-03-19
      
      Patch-Name: gssapi.patch
      429c595d
  2. 25 Feb, 2013 1 commit
  3. 12 Jun, 2007 1 commit
  4. 18 Aug, 2006 2 commits
  5. 05 Aug, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
      d7834353
  6. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 22:22:43 · 51096383
      Damien Miller authored
           [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
           [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
           [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
           [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
           [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
           [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
           [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
           [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
           [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
           [ttymodes.h uidswap.h uuencode.h xmalloc.h]
           standardise spacing in $OpenBSD$ tags; requested by deraadt@
      51096383
  7. 22 Jun, 2004 1 commit
    • Darren Tucker's avatar
      - avsm@cvs.openbsd.org 2004/06/21 17:36:31 · 3f9fdc71
      Darren Tucker authored
           [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
           cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
           monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
           ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
           sshpty.c]
           make ssh -Wshadow clean, no functional changes
           markus@ ok
      
      There are also some portable-specific -Wshadow warnings to be fixed in
      monitor.c and montior_wrap.c.
      3f9fdc71
  8. 23 Feb, 2004 1 commit
  9. 17 Nov, 2003 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2003/11/17 11:06:07 · 0425d401
      Damien Miller authored
           [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
           [monitor_wrap.h sshconnect2.c ssh-gss.h]
           replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
           test + ok jakob.
      0425d401
  10. 03 Oct, 2003 1 commit
  11. 02 Oct, 2003 1 commit
  12. 26 Aug, 2003 2 commits
    • Darren Tucker's avatar
      - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h · 49aaf4ad
      Darren Tucker authored
         configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
         sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
      49aaf4ad
    • Darren Tucker's avatar
      - markus@cvs.openbsd.org 2003/08/22 10:56:09 · 0efd155c
      Darren Tucker authored
           [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
           gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
           readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
           ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
           support GSS API user authentication; patches from Simon Wilkinson,
           stripped down and tested by Jakob and myself.
      0efd155c