PuTTY wish kerberos-gssapi

Home | Licence | FAQ | Docs | Download | Keys | Links
Mirrors | Updates | Feedback | Changes | Wishlist | Team

summary: Support for GSSAPI (for Kerberos, GSI, etc)
class: wish: This is a request for an enhancement.
difficulty: taxing: Needs external things we don't have (standards, users etc)
priority: low: We aren't sure whether to fix this or not.
fixed-in: r8952 2010-05-20 (0.61) (0.62) (0.63) (0.64) (0.65) (0.66)

We occasionally get requests for Kerberos and/or GSSAPI support.

This looks complicated and messy.

Any proposed solution should take into account our design guidelines to be even considered for inclusion. In particular, some submissions have not taken into account PuTTY's cross-platform nature.

In SSH-2, Kerberos is supported through GSSAPI; RFC 4462 (formerly draft-ietf-secsh-gsskeyex) describes GSSAPI key exchange and user authentication in SSH-2. (Some of the patches here appear to be based on earlier versions of this specification, for instance the userauth method "gssapi".)

It appears that Globus GSI authentication also uses GSSAPI, though for some reason needs a different client implementation (and yet a third if you want to support both).

Patches we've seen (links are on our Links page):

Binary-only versions:

Update: some forms of Kerberos support are now implemented: Things not done:

If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2010-05-22 12:11:35 +0000)