| < October 2008 | Matthew Loar > Blog | December 2008 > |
So it turns out that it is pretty darn trivial to build the new upstream GSSAPI support against KfW instead of SSPI. All you have to do is change the Recipe file to build with uxgss instead of wingss, and tweak a couple things to make it compile.
Therefore, I have decided to do this instead of attempting to replace the delay-loading behavior present in the sweb.cz patch. I figure that most sites are going to use either KfW or SSPI, and so making the choice at compile time instead of run time shouldn't be an inconvenience.
No key-exchange support yet, but I am working on it.
You can find it on the PuTTY page.
Russ has released remctl 2.13, which now compiles for Windows without modification. I have updated my remctl page to reflect this and posted new binaries.
You can find these binaries on the remctl page.
So apparently when I wasn't looking, the PuTTY authors added support for GSSAPI, which is great. Unfortunately, they only support SSPI on Windows. Granted, this is the cleanest way, but depending on which version of Windows you are running, SSPI may or may not work for you. If the client and server are in the same realm or AD domain it should work, but cross-realm is dicey since support for client-side host-to-realm mappings wasn't added until Vista. Some people on the Kerberos list expressed disappointment that the PuTTY authors went this route.
So I intend to add this support back in. The PuTTY GSSAPI support has a radically different code layout from my current patch, so the first thing I have done is merge in the PuTTY upstream and streamline my diff against it. The PuTTY code delayloads SSPI, so I'm hoping it will be straightforward to delayload MIT GSSAPI instead.
At the same time, I got a feature request a few months ago for gssapi-keyex support. I haven't made much progress there, but I am determined to fully exploit my current enthusiasm for working on PuTTY - it's always nice to work on projects that are actually useful to other people :).
| < October 2008 | Matthew Loar > Blog | December 2008 > |