 |
 |
We're editing a total of 6 files. The biggest change is the insertion of a loop into ssh.c, which will function for any mechanisms that use GSSAPI and that are inserted into the currently manually defined list. The changes in the files include Luke's patches. One ugliness that I want to eradicate is the mapping of the mechanism name in the ssh_sspi_acquire_cred() function because it goes counter to how I do things normally... The patches are available for perusal at https://www.dropbox.com/sh/sbqyy7gvzrd3egt/AAAN98WlQuBp1eU67zVWzy8Ya/putty - Please be gentle... I haven't done any C programming in 21 years and was trying to be careful not to insert any C++-isms. ;-) Stefan -----Original Message----- From: Moonshot community list [mailto:[log in to unmask]] On Behalf Of Rhys Smith Sent: 01 August 2014 17:03 To: [log in to unmask] Subject: Re: First draft-ish version of putty+Moonshot :-) Cool :-). Good job. Someone get that man a G&T right now! So... how badly have we played around with the code to get this working? Have we "fixed" the PuTTY negotiation code somewhat, or massaged it to work with Moonshot? The question really is - are the PuTTY guys likely to accept patches for this for stock PuTTY, or are we going to have to maintain a Moonshot enabled version of PuTTY ourselves for a while? Rhys. -- Dr Rhys Smith Identity, Access, and Middleware Specialist Cardiff University & Janet, the UK's research and education network email: [log in to unmask] / [log in to unmask] GPG: 0x4638C985 On 1 Aug 2014, at 16:58, Stefan Paetow <[log in to unmask]> wrote: > Ladies and gentlemen, > > I think we've cracked it. Please download the latest putty-ms-dbg.exe or putty-ms-rel.exe from my DropBox at: > > https://www.dropbox.com/sh/sbqyy7gvzrd3egt/AAAN98WlQuBp1eU67zVWzy8Ya/p > utty > > This should restore Kerberos functionality (Adam has tested this and it appears to work ok), while it now also negotiates OIDs with the server. > > This should conclude the putty activity. Over the weekend and Monday I'll clean up the code a little more. > > With Regards > > Stefan > > -----Original Message----- > From: Rhys Smith [mailto:[log in to unmask]] > Sent: 01 August 2014 10:38 > To: Stefan Paetow > Cc: [log in to unmask] > Subject: Re: First draft-ish version of putty+Moonshot :-) > > For anyone following this by the way - it works for me! > > Lots more work to do to get this ready for real use, but multiple thumbs up to Stefan for getting this working! > > Rhys. > -- > Dr Rhys Smith > Identity, Access, and Middleware Specialist Cardiff University & > Janet, the UK's research and education network > > email: [log in to unmask] / [log in to unmask] > GPG: 0x4638C985 > > > On 26 Jul 2014, at 03:15, Stefan Paetow <[log in to unmask]> wrote: > >> Oh, and I failed to mention what you need to do: >> >> 1. Install the Moonshot SSP on your Windows PC. >> 2. Set up a credential in the credential manager. >> 3. Specify your username under Connection | Data | Auto-login >> Username 4. Specify "Attempt GSSAPI Authentication" under Connection | SSH | Auth | GSSAPI, and also tick the box "Allow GSSAPI credential delegation". >> 5. Set the preference order for the SSPIs used in the same screen as >> 4.) with the Microsoft SSPI first >> >> Log into your chosen SSH server... The first time you should be prompted for a Windows credential. Choose your credential you created in 2.) and then enter the password. >> >> It should then simply log you in next time. >> >> Stefan >> >> >> ________________________________________ >> From: Moonshot community list [[log in to unmask]] on >> behalf of Stefan Paetow [[log in to unmask]] >> Sent: 26 July 2014 02:59 >> To: [log in to unmask] >> Subject: First draft-ish version of putty+Moonshot :-) >> >> Right folks, >> >> After finally resolving something that had me stumped for a week (thanks to Sam's suggestion), I've now got a putty Windows client that speaks Moonshot. Of course, this means that Kerberos support is currently not accessible, but hey, baby steps, right? >> >> Anyone want to test-drive it? :-) >> >> It's at >> https://www.dropbox.com/sh/sbqyy7gvzrd3egt/AAAN98WlQuBp1eU67zVWzy8Ya/ >> p >> utty >> >> I've uploaded the source too, which AFAIK is still the latest dev code from the putty project. And Luke, thank you so very much for the PoC patches. We plumbed them in and most of it worked straight away. >> >> We'll work on enumerating the SSPI providers next, plus the ability to order them. >> >> Have a good weekend! >> >> Stefan >> >> >> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a >> not-for-profit company which is registered in England under No. >> 2881024 and whose Registered Office is at Lumen House, Library >> Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. >> 614944238 >> >> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a >> not-for-profit company which is registered in England under No. >> 2881024 and whose Registered Office is at Lumen House, Library >> Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. >> 614944238 > > > Janet(UK) is a trading name of Jisc Collections and Janet Limited, a > not-for-profit company which is registered in England under No. > 2881024 and whose Registered Office is at Lumen House, Library Avenue, > Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238