Hi Mark,
>I hope you'll forgive me if I ask them now...
That's what this list is for!
>1) Users placed their unencrypted credentials into file .gss_eap_id and
>connected to a server using a null username '-l ""'. I assume this is a
>work in progress: will the openssh client be developed to avoid the need
>of such a file?
That's the plan.
>e.g. using "-l" to pass the user/realm info and being
>prompted for the password.
I thought that should be possible today, although a colleague informs me
that it provokes a segfault. We should look into this.
>2) I didn't quite understand what the remaining man in the middle attack
>concern was with openssh. Assuming it was discussed on the mailing list,
>can someone give me the relevant phrase to search for, please?
That is due to the lack of support for 'EAP Channel Bindings'. This is
being worked on, and will be integrated in due course.
>PS It was good to meet everyone - thanks for a great couple of days.
No problem, thank you for participating!
Josh.
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG