PuTTY wish kerberos-gssapi
This is a mirror. The primary PuTTY web site can be found here
summary: Support for GSSAPI (for Kerberos, GSI, etc)
class: wish: This is a request for an enhancement.
difficulty: taxing: Needs external things we don't have (standards, users etc)
priority: low: We aren't sure whether to fix this or not.
fixed-in: r8138 2008-08-10
We occasionally get requests for Kerberos and/or GSSAPI support.
This looks complicated and messy, and isn't that important to us,
so we're rather unlikely to add it ourselves.
Any proposed solution should take into account our
to be even considered for inclusion. In particular, some submissions
have not taken into account PuTTY's cross-platform nature.
In SSH-2, Kerberos is supported through
describes GSSAPI key exchange and user authentication in SSH-2.
(Some of the patches here appear to be based
on earlier versions of this specification, for instance the userauth
It appears that Globus
GSI authentication also uses GSSAPI, though for some reason needs
a different client implementation (and yet a third if you want to support
Patches we've seen (links are on our Links page):
- Certified Security Solutions have a patched
version of PuTTY which supports Kerberos 5 in SSH-1 and GSSAPI key
exchange and user authentication in SSH-2. For GSSAPI, Win9x/NT
MIT Kerberos library;
Win2K/XP can use Microsoft SSPI.
Another patch (unreviewed): firstname.lastname@example.org
User authentication; secur32.lib (Windows) /
Another patch from sweb.cz adds support
for GSSAPI user authentication using the MIT Kerberos library. (A
previous version of this patch has been reviewed and found wanting.)
Yet another patch: Quest PuTTY (formerly Vintela PuTTY)
3-term BSD licence; GSSAPI (Kerberos-specific?) user
authentication using MS SSPI; not thoroughly reviewed but doesn't look
Centrify provide a
modified version of PuTTY
which uses the Windows SSPI for GSSAPI support. It includes features
specific to their other products.
Audit trail for this wish.
If you want to comment on this web site, see the
(last revision of this bug record was at 2008-10-17 22:04:26 +0100)