The following patch adds support for the GSI GSSAPI mechanism to OpenSSH. It adds gss-serv-gsi.c (similar to gss-serv-krb5.c) and modifies Makefile.in, acconfig.h, configure.ac, and gss-serv.c to support the new GSSAPI mechanism. It also makes a one-line change to auth2-gss.c to initialize the flags passed in to gss_accept_sec_context() as required by the GSI GSSAPI library. The GSI GSSAPI mechanism implements authentication and delegation (credential forwarding) for X.509 proxy certificates (RFC3820) and is implemented by the Globus Toolkit (http://www.globus.org/toolkit/). We've been using GSI with OpenSSH for over 3 years, using Simon Wilkinson's OpenSSH GSSAPI patch, and in that time "GSI-enabled" OpenSSH has become important software for grid computing on, for example, the TeraGrid (http://www.teragrid.org/). Now that OpenSSH includes GSSAPI support for Kerberos, we'd be pleased if you could apply this patch for GSI GSSAPI support. NCSA is committed to supporting GSI with OpenSSH, and we'd be responsive to any issues that come up related to the GSI code in OpenSSH, if you choose to include it.
Created attachment 744: patch to add GSI GSSAPI support to OpenSSH
Created attachment 1192: patch to add GSI GSSAPI support to OpenSSH 4.4p1
Please let me know if there's anything I can do to facilitate the acceptance of this patch.
Anything new here?
In reply to Comment 3: The patch in Attachment 1192 is up-to-date. It applies successfully against OpenSSH 5.2p1 and builds against the latest GSI libraries. We're still using and supporting it. We'd still like to see it incorporated into OpenSSH.
One should perhaps mention that this is used by thousands of people all over the grid(s) (not only the Worldwide LHC Computing Grid) and is not just some obscure 5-people patch ;)
Indeed, this functionality is used daily by many, many people working on a large number of science and computing projects. It would be quite helpful to have this functionality added.
I too would like to see this patch applied, for all the aforementioned reasons. Thousands of us have been using it in production for ~7 years, but maintaining and installing a shadow gsi-openssh package everywhere is an unfortunate and complicated burden. Is there any specific reason the patch has been ignored?
I have created bug 2495 on the latest version of OpenSSH and marked it within the kerberos/GSSAPI component.
*** This bug has been marked as a duplicate of bug 2495 ***
Close all resolved bugs after 7.3p1 release