Debian Bug report logs - #687517
RFP: gsi-openssh -- secure shell client and server with GSI authentication

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Mattias Ellert <mattias.ellert@fysast.uu.se>

Date: Thu, 13 Sep 2012 12:00:01 UTC

Severity: wishlist

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#687517; Package wnpp. (Thu, 13 Sep 2012 12:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mattias Ellert <mattias.ellert@fysast.uu.se>:
New Bug report received and forwarded. Copy sent to wnpp@debian.org. (Thu, 13 Sep 2012 12:00:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Mattias Ellert <mattias.ellert@fysast.uu.se>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ITP: gsi-openssh -- secure shell client and server with GSI authentication
Date: Thu, 13 Sep 2012 13:56:57 +0200
[Message part 1 (text/plain, inline)]
Package: wnpp
Severity: wishlist
Owner: Mattias Ellert <mattias.ellert@fysast.uu.se>

* Package name    : gsi-openssh
  Version         : 6.0p1
* URL             : 
* License         : 
  Description     : secure shell client and server with GSI authentication

The gsi-openssh package provides a modified openssh client and server
that supports Globus Security Infrastruction (GSI) authentication.
Since the GSI library, like kerberos, is implemented using the GSSAPI
interface, and linking to more than one GSSAPI implementation in the
same binary is not possible, this modified version does not support
kerberos authentication. This is also the reason why the GSI support
can not be added to the standard Debian openssh package.

If you need kerberos authentication the standard openssh client and
server packages should be used instead of this modified version.

[smime.p7s (application/x-pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Mattias Ellert <mattias.ellert@fysast.uu.se>:
Bug#687517; Package wnpp. (Wed, 19 Sep 2012 14:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Mattias Ellert <mattias.ellert@fysast.uu.se>. (Wed, 19 Sep 2012 14:42:03 GMT) Full text and rfc822 format available.

Message #10 received at 687517@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 687517@bugs.debian.org
Subject: Re: ITP: gsi-openssh -- secure shell client and server with GSI authentication
Date: Wed, 19 Sep 2012 16:38:45 +0200
[Message part 1 (text/plain, inline)]
Hi Mattias.

Why isn't it possible to link against more then one GSSAPI mechanism?

There's even a patch https://bugzilla.mindrot.org/show_bug.cgi?id=958
which seem to just do this (and was just not accepted yet for other
reasons).


I just ask, cause this is quite some heavy duplication of software in
Debian.


Cheers,
Chris.
[smime.p7s (application/x-pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#687517; Package wnpp. (Thu, 20 Sep 2012 22:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mattias Ellert <mattias.ellert@fysast.uu.se>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Thu, 20 Sep 2012 22:39:03 GMT) Full text and rfc822 format available.

Message #15 received at 687517@bugs.debian.org (full text, mbox):

From: Mattias Ellert <mattias.ellert@fysast.uu.se>
To: Christoph Anton Mitterer <calestyo@scientia.net>, 687517@bugs.debian.org
Subject: Re: Bug#687517: ITP: gsi-openssh -- secure shell client and server with GSI authentication
Date: Fri, 21 Sep 2012 00:27:49 +0200
[Message part 1 (text/plain, inline)]
ons 2012-09-19 klockan 16:38 +0200 skrev Christoph Anton Mitterer:
> Hi Mattias.
> 
> Why isn't it possible to link against more then one GSSAPI mechanism?
> 
> There's even a patch https://bugzilla.mindrot.org/show_bug.cgi?id=958
> which seem to just do this (and was just not accepted yet for other
> reasons).
> 
> 
> I just ask, cause this is quite some heavy duplication of software in
> Debian.
> 
> 
> Cheers,
> Chris.

The patch attached to the bugzilla report mentioned above is an older
version of the same NCSA patch which is the base for the patch used in
the proposed package. With the older version it is not possible to build
with both kerberos and gsi support either.

The two different gssapi implementations define the same function names
(as defined in the gssapi standard). You can not link a binary to two
different libraries each providing a function "X", and have some calls
to "X" in the binary execute function "X" in one library and have other
calls to the same function "X" in the same binary execute function "X"
in the other library. The linker will choose the version provided by the
first library in the link command and ignore the second.

	Mattias

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Mattias Ellert <mattias.ellert@fysast.uu.se>:
Bug#687517; Package wnpp. (Thu, 20 Sep 2012 23:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Mattias Ellert <mattias.ellert@fysast.uu.se>. (Thu, 20 Sep 2012 23:09:03 GMT) Full text and rfc822 format available.

Message #20 received at 687517@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 687517@bugs.debian.org
Subject: Re: Bug#687517: ITP: gsi-openssh -- secure shell client and server with GSI authentication
Date: Fri, 21 Sep 2012 01:05:20 +0200
[Message part 1 (text/plain, inline)]
Can't one just dynamically load the desired library?


Cheers,
Chris.
[smime.p7s (application/x-pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#687517; Package wnpp. (Mon, 24 Sep 2012 05:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mattias Ellert <mattias.ellert@fysast.uu.se>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Mon, 24 Sep 2012 05:36:03 GMT) Full text and rfc822 format available.

Message #25 received at 687517@bugs.debian.org (full text, mbox):

From: Mattias Ellert <mattias.ellert@fysast.uu.se>
To: Christoph Anton Mitterer <calestyo@scientia.net>, 687517@bugs.debian.org
Subject: Re: Bug#687517: ITP: gsi-openssh -- secure shell client and server with GSI authentication
Date: Mon, 24 Sep 2012 07:33:40 +0200
[Message part 1 (text/plain, inline)]
fre 2012-09-21 klockan 01:05 +0200 skrev Christoph Anton Mitterer:
> Can't one just dynamically load the desired library?

It is not so easy to do.

There exist some instructions on the net for using a modified version of
the mechglue library to implement support for both kerberos and gsi in
the same openssh binary, but this approach is far less tested than the
proposed solution of having two different binaries. The mechglue
solution is also much more complicated to configure - and it introduces
additional configuration that is currently not needed also in order to
support the already available kerberos authentication. The instructions
for the mechglue solution explicitly advises against using it for client
installations but instead use separate binaries for kerberos and gsi.

Using two different binaries is far more simpler, more well tested and
less invasive to existing installations.

Having two different packages is also the solution implemented in
Fedora.

	Mattias

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Mattias Ellert <mattias.ellert@fysast.uu.se>:
Bug#687517; Package wnpp. (Wed, 21 Aug 2013 13:50:44 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lucas Nussbaum <lucas@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Mattias Ellert <mattias.ellert@fysast.uu.se>. (Wed, 21 Aug 2013 13:50:44 GMT) Full text and rfc822 format available.

Message #30 received at 687517@bugs.debian.org (full text, mbox):

From: Lucas Nussbaum <lucas@debian.org>
To: 687517@bugs.debian.org
Cc: control@bugs.debian.org
Subject: gsi-openssh: changing back from ITP to RFP
Date: Wed, 21 Aug 2013 15:44:10 +0200
retitle 687517 RFP: gsi-openssh -- secure shell client and server with GSI authentication
noowner 687517
tag 687517 - pending
thanks

Hi,

A long time ago, you expressed interest in packaging gsi-openssh. Unfortunately,
it seems that it did not happen. In Debian, we try not to keep ITP bugs open
for a too long time, as it might cause other prospective maintainers to
refrain from packaging the software.

This is an automatic email to change the status of gsi-openssh back from ITP
(Intent to Package) to RFP (Request for Package), because this bug hasn't seen
any activity during the last 10 months.

If you are still interested in packaging gsi-openssh, please send a mail to
<control@bugs.debian.org> with:

 retitle 687517 ITP: gsi-openssh -- secure shell client and server with GSI authentication
 owner 687517 !
 thanks

It is also a good idea to document your progress on this ITP from time to
time, by mailing <687517@bugs.debian.org>.  If you need guidance on how to
package this software, please reply to this email, and/or contact the
debian-mentors@lists.debian.org mailing list.

Thank you for your interest in Debian,
-- 
Lucas, for the QA team <debian-qa@lists.debian.org>



Changed Bug title to 'RFP: gsi-openssh -- secure shell client and server with GSI authentication' from 'ITP: gsi-openssh -- secure shell client and server with GSI authentication' Request was from Lucas Nussbaum <lucas@debian.org> to control@bugs.debian.org. (Wed, 21 Aug 2013 13:53:45 GMT) Full text and rfc822 format available.

Removed annotation that Bug was owned by Mattias Ellert <mattias.ellert@fysast.uu.se>. Request was from Lucas Nussbaum <lucas@debian.org> to control@bugs.debian.org. (Wed, 21 Aug 2013 13:53:46 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 10:53:34 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.