This is effectively a bump of bug 958, filed by Jim Basney, to the current version of openssh. Jim maintains a patch for openssh which enables authentication with GSI GSSAPI. Effectively it enables single-sign-on with certificate verification by the client of the host and of the client by the host. This is in use securely by a large number of users in scientific and other computing projects. Patch: http://grid.ncsa.illinois.edu/ssh/installpatch.html http://grid.ncsa.illinois.edu/ssh/dl/patch/ Full releases: https://github.com/globus/gsi-openssh/releases We would like you to review this patch and consider it for inclusion in the standard release of openssh. Currently, we are compelled to recompile and repackage openssh ourselves on both linux and OS X. Practically speaking, it can be hard to keep the packaging going although I believe (hope) the burden on Jim of maintaining the patch itself is fairly low.
*** Bug 958 has been marked as a duplicate of this bug. ***
We don't planning on implementing any additional GSSAPI authentication methods, sorry.
Hi Damien, may I ask for the reason of declining the patch? I am asking as a user which frequently has to deploy manually patched versions of GSI-SSH, which is rather painful and not always possible. Is the patch itself problematic, or is it too difficult / involved to review it? Are you able to enumerate conditions which would allow an acceptance of the patch? Many thanks, Andre.
Hi Andre, I declined it because we barely have the knowledge and environments needed to maintain the existing GSSAPI code, and have no familiarity with GSI nor means to test it.
closing resolved bugs as of 8.6p1 release