Bug 7203 - GSI-OpenSSH use with current GSSAPI mechglue in MIT Kerberos
Status: NEW
: GSI-OpenSSH
GSI-OpenSSH
: other
: All All
: P3 enhancement
: ---
Assigned To:
: http://grid.ncsa.illinois.edu/gssapi-...
Reported: 2011-08-17 13:04 by
Modified: 2011-08-17 13:43 (History)




Description From 2011-08-17 13:04:29
To support multiple GSSAPI mechanisms in OpenSSH (i.e., Kerberos and GSI), we
use a custom mechglue library forked from an old version of MIT Kerberos, as
documented here:

  http://grid.ncsa.illinois.edu/gssapi-mechglue/openssh/

We learned at a recent Project Moonshot presentation that the GSSAPI mechglue
included in the MIT Kerberos distribution has been updated to better support
plugging in additional GSSAPI mechanisms (i.e., GSI), so our custom mechglue
library should hopefully no longer be required. However, this requires some
investigation, testing, and documentation on how to use GSI with the current
mechglue capability.

I think the first step is to look at how Project Moonshot does it:

  http://www.project-moonshot.org/devwiki/moonshotapps/

Hopefully we can follow their example for use with GSI.

Volunteers from the community to look into this would be much appreciated. To
volunteer, please assign this bug to yourself.

------- Comment #1 From 2011-08-17 13:43:35 -------
I forgot to mention that one very attractive benefit of using mechglue in the
MIT Kerberos libraries is that the operating system default OpenSSH is often
already linked with those libraries, so it's possible we could avoid needing to
distribute separate gsi-openssh packages (RPMs, etc.) and instead load in GSI
support at run-time using standard Kerberos-enabled OpenSSH packages.