[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gsi-openssh] [ANNOUNCE] GSI-OpenSSH 1.4 Released
The GSI-OpenSSH development team is pleased to announce the release of
version 1.4 of the GSI-Enabled OpenSSH software distribution. GSI-OpenSSH
1.4 is based on OpenSSH 3.4p1 and Jim Basney's latest GSI patch for that
version of OpenSSH. A summary of the major changes found in this version
is given at the end of this document.
GSI-OpenSSH 1.4 is available for download from
ftp://ftp.ncsa.uiuc.edu/aces/gssapi-openssh/bundle/1.4/
For installation instructions, please see
http://www.ncsa.uiuc.edu/Divisions/NSM/GST/GSI/openssh/bundle_install.html
For upgrade instructions, please see
http://www.ncsa.uiuc.edu/Divisions/NSM/GST/GSI/openssh/bundle_upgrade.html
We appreciate your feedback and help in testing this version. If you have
any problems, please post them to the GSI-OpenSSH mailing list and we will
try to resolve them quickly as possible.
GSI-OpenSSH 1.4 Major changes
Security-related fixes
* Remove DNS lookup on target hostnames for GSSAPI authentication to
avoid DNS spoofing vulnerability. [1]
New features
* Incorporates support for Globus Toolkit version 2.2.
* Allow connections to localhost via GSI authentication. [1]
Bug fixes
The following bugs were found in GSI-OpenSSH 1.3 (or earlier) and have
been fixed in GSI-OpenSSH 1.4:
* Fixed problem with implicit usernames over GSSAPI user
authentication when GSSAPI key exchange fails. [1]
* Fixed IA64 integer size problem. [1]
* Fixed incorrect path setting for sftp-server on postinstall. [2]
* Remove delegated credential file on logout. [1]
* Fixed random client segfaulting on connection negotiation. [1]
Notes
* GSI-OpenSSH releases 1.0 through 1.3 are not recommended for public
consumption.
Footnotes
[1] Changes made only to the underlying GSI-OpenSSH source code via Jim
Basney's GSI patch.
[2] Changes made only to the packaging infrastructure.