Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
0.5.0
-
None
Description
I recently raised a couple of improvements which duplicated existing issues and which were fixed in HEAD. Hope this one is not.
I've made some changes to support gssapi-with-mic authentication allowing access to the server without entering a password if in a Kerberos environment. This is beneficial for us because we embed sshd in an application which already provides single sign on using GSSAPI in Unix and Windows.
A patch is attached. The core of the code is in UserAuthGSS; the GSSAuthenticator class is provided to allow parts of the process to be overridden for different environments - for example using a native implemention of GSSManager on Windows to provide easy integration with AD.