IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: gss userauth
> Is there a list of GSS-API mechanisms that *don't* support integrity
> protection? Could you please post it?
I believe that the SRP GSSAPI mechanism that I've seen an
internet-draft for but not an RFC doesn't do integrity protection, but
it does do some kind of key generation. If you wanted to use that
mechanism as it is currently specified, you'd probably actually want
to either find some other GSSAPI mechanism that provides integrity
protection to use with it, or specify the use of that key generation
somehow. Or perhaps the mechanism could be modified to provide
integrity somehow.
But I'm not aware of anyone ever having any actual intent to use
anything other than krb5 and gsi with ssh-gssapi.
(Also, while SASL and GSSAPI are different, many of the obvious SASL
mechanisms that don't do integrity are things for which there is
already an ssh userauth mechanism that does some approximation of the
same thing.)
Home |
Main Index |
Thread Index |
Old Index