From owner-freebsd-security@FreeBSD.ORG Thu Sep 20 08:41:36 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B24EE16A417 for ; Thu, 20 Sep 2007 08:41:36 +0000 (UTC) (envelope-from stefan.lambrev@moneybookers.com) Received: from blah.sun-fish.com (blah.sun-fish.com [217.18.249.150]) by mx1.freebsd.org (Postfix) with ESMTP id 56C9513C4A7 for ; Thu, 20 Sep 2007 08:41:36 +0000 (UTC) (envelope-from stefan.lambrev@moneybookers.com) Received: by blah.sun-fish.com (Postfix, from userid 1002) id E6A6E1B10EE2; Thu, 20 Sep 2007 10:21:47 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on blah.cmotd.com X-Spam-Level: X-Spam-Status: No, score=-104.4 required=5.0 tests=ALL_TRUSTED,BAYES_00, USER_IN_WHITELIST autolearn=ham version=3.2.3 Received: from hater.cmotd.com (hater.cmotd.com [192.168.3.125]) by blah.sun-fish.com (Postfix) with ESMTP id 9AAE51B10EE0; Thu, 20 Sep 2007 10:21:37 +0200 (CEST) Message-ID: <46F22D91.9070104@moneybookers.com> Date: Thu, 20 Sep 2007 11:21:37 +0300 From: Stefan Lambrev User-Agent: Thunderbird 2.0.0.6 (X11/20070831) MIME-Version: 1.0 To: Kevin Way References: In-Reply-To: Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.91.2/4347/Wed Sep 19 23:01:10 2007 on blah.cmotd.com X-Virus-Status: Clean X-Mailman-Approved-At: Thu, 20 Sep 2007 09:21:51 +0000 Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org Subject: Re: GSSAPI Key Exchange in sshd? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Sep 2007 08:41:36 -0000 Hello, Kevin Way wrote: > I'm curious if there are technical (or other) reasons that prevent > FreeBSD from adding RFC 4462 (GSSAPI Key Exchange) support to sshd. > The MIT Kerberos team first requested this four years ago, and > implementation patches have been available for years at: > http://www.sxw.org.uk/computing/patches/openssh.html > > The author of those patches has offered (without much public response) > to allow integration of the patches into the openssh source > distribution, so I don't think licensing would be an issue. > > This would be incredibly useful to me, as it'd remove the burden of > site-wide ssh host key distribution. I'm using openssh-portable from ports to do this. It is option there so you have a choice. Unfortunately there is no patch available for the latest (4.7) openssh, so we have to wait little. It was explained many times why you should use ports if you want customization for apps like heimdal, openssh and perl (in the past when it was built-in in the base system). Also it is quite more easy to maintain updates, when you use ports version for this. Why it is not part of openssh I can only guess, but I'm sure it involves security problems (just like HPN patch), and that's why it is not part of the source tree of openssh. > > Regards, > Kevin Way > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to > "freebsd-hackers-unsubscribe@freebsd.org" -- Best Wishes, Stefan Lambrev ICQ# 24134177 From owner-freebsd-security@FreeBSD.ORG Thu Sep 20 23:38:18 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6977A16A469 for ; Thu, 20 Sep 2007 23:38:18 +0000 (UTC) (envelope-from rajafreebsd@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.189]) by mx1.freebsd.org (Postfix) with ESMTP id 0B14013C455 for ; Thu, 20 Sep 2007 23:38:17 +0000 (UTC) (envelope-from rajafreebsd@gmail.com) Received: by nf-out-0910.google.com with SMTP id b2so582643nfb for ; Thu, 20 Sep 2007 16:38:17 -0700 (PDT) Received: by 10.78.166.7 with SMTP id o7mr980058hue.1190281789685; Thu, 20 Sep 2007 02:49:49 -0700 (PDT) Received: by 10.78.48.18 with HTTP; Thu, 20 Sep 2007 02:49:49 -0700 (PDT) Message-ID: Date: Thu, 20 Sep 2007 10:49:49 +0100 From: "Raja FreeBSD" To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: OCF X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Sep 2007 23:38:18 -0000 Hi, I am just new to the FreeBSD system and look forward to take active part in contributing. Can someone please guide where can I find OCF source code in FreeBSD and also is there IKE implementation and OpenSWAN ? Regards, Raja From owner-freebsd-security@FreeBSD.ORG Fri Sep 21 09:47:14 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D684D16A41A for ; Fri, 21 Sep 2007 09:47:14 +0000 (UTC) (envelope-from mohacsi@niif.hu) Received: from mail.ki.iif.hu (mail.ki.iif.hu [193.6.222.241]) by mx1.freebsd.org (Postfix) with ESMTP id 9903113C480 for ; Fri, 21 Sep 2007 09:47:14 +0000 (UTC) (envelope-from mohacsi@niif.hu) Received: from localhost (localhost [IPv6:::1]) by mail.ki.iif.hu (Postfix) with ESMTP id 7A45B846D3; Fri, 21 Sep 2007 11:30:23 +0200 (CEST) X-Virus-Scanned: by amavisd-new at mignon.ki.iif.hu Received: from mail.ki.iif.hu ([127.0.0.1]) by localhost (mignon.ki.iif.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id O1Vn2zQpiw4h; Fri, 21 Sep 2007 11:30:16 +0200 (CEST) Received: by mail.ki.iif.hu (Postfix, from userid 9002) id F3C708463C; Fri, 21 Sep 2007 11:30:15 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail.ki.iif.hu (Postfix) with ESMTP id F29A084589; Fri, 21 Sep 2007 11:30:15 +0200 (CEST) Date: Fri, 21 Sep 2007 11:30:15 +0200 (CEST) From: Mohacsi Janos X-X-Sender: mohacsi@mignon.ki.iif.hu To: Raja FreeBSD In-Reply-To: Message-ID: <20070921112745.U55159@mignon.ki.iif.hu> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-security@freebsd.org Subject: Re: OCF X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Sep 2007 09:47:14 -0000 On Thu, 20 Sep 2007, Raja FreeBSD wrote: > Hi, > > > > I am just new to the FreeBSD system and look forward to take active part in > contributing. > > > > Can someone please guide where can I find OCF source code in FreeBSD and > also is there IKE implementation and OpenSWAN ? For IKE have a look at: http://www.freshports.org/security/ipsec-tools/ Regards, Janos Mohacsi From owner-freebsd-security@FreeBSD.ORG Fri Sep 21 16:14:01 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62BEC16A46E for ; Fri, 21 Sep 2007 16:14:01 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from pobox.codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 0C8BD13C480 for ; Fri, 21 Sep 2007 16:14:01 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender:X-Spam-Status:Subject; b=UHLBXhCDw765r0ZF7SC8SYZg08NSWHuwbKXJVperJ8rijnTSHJafa3eRvUMgj+OgWWAITVyPzFC6MUNXaM2FyXTEYWt+lzn9TU+VT+0XbBOVqwWlgR5R9/4YP+Sj40HVOxa4KOQYy0sWQKSRFXhX4Hfq3vU1Xjluq+ORberTwkY=; Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by pobox.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1IYku6-0000NH-PT; Fri, 21 Sep 2007 19:58:54 +0400 Date: Fri, 21 Sep 2007 19:58:50 +0400 From: Eygene Ryabinkin To: Mohacsi Janos Message-ID: <20070921155850.GM997@void.codelabs.ru> References: <20070921112745.U55159@mignon.ki.iif.hu> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20070921112745.U55159@mignon.ki.iif.hu> Sender: rea-fbsd@codelabs.ru X-Spam-Status: No, score=-2.0 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_50 Cc: freebsd-security@freebsd.org, Raja FreeBSD Subject: Re: OCF X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Sep 2007 16:14:01 -0000 Fri, Sep 21, 2007 at 11:30:15AM +0200, Mohacsi Janos wrote: > >Can someone please guide where can I find OCF source code in FreeBSD and > >also is there IKE implementation and OpenSWAN ? > > For IKE have a look at: > http://www.freshports.org/security/ipsec-tools/ And http://www.freshports.org/security/racoon2/ can be of interest too. -- Eygene