[Gt-eos] gct and gsissh

Frank Scheiner scheiner at hlrs.de
Fri Sep 14 17:54:40 CEST 2018


Hi Mischa, all,

sorry, couldn't make it earlier.

On 09/07/2018 02:31 PM, Mischa Salle wrote:
> For the further future (don't remember whether I mentioned this before),
> one could probably make a different patch based on the adapted OpenSSH
> versions as shipped by RedHat and Debian, which have proper GSSAPI
> support (i.e. not just Kerberos, those patches were pushed by the
> Moonshot people which also requires a proper GSSAPI, and I think were
> based on the GSI-OpenSSH patch). 

I assume this is what Mattias spoke about earlier in [1]:
```
[...]
The gsi patch is these package are smaller than the one in GT upstream,
because part of the changes needed have already been made by the
existing Fedora openssh patches. The gsi patch itself doesn't change
much, but it did need some updates for the openssl 1.1 migration that I
ported from the changes made to the patch in the GT repo.
[...]
```
...,right? I hence assume such a patch is already available from Mattias 
then.

[1]: https://mailman.egi.eu/pipermail/gt-eos/2017-December/000132.html

> It probably still requires a patched
> server, but might be able to use a stock client with just some extra
> modules installed (if I'm not mistaken).

So users could use plain `ssh` with GSI proxy credentials instead of SSH 
keys with these extra modules? Interesting, where can we get more 
information about these modules? And will this also support delegation?

Cheers,
Frank

-- 
Frank Scheiner

High Performance Computing Center Stuttgart (HLRS)
Department Project User Management & Accounting

Email: scheiner at hlrs.de
Phone: +49 711 685 68039

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2293 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.egi.eu/pipermail/discuss/attachments/20180914/81b4f91a/attachment.p7s>


More information about the discuss mailing list