diff --git a/Makefile.in b/Makefile.in

index 6f001bb3..c31821ac 100644

--- a/Makefile.in

+++ b/Makefile.in

@@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \

 	kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \

 	kexgexc.o kexgexs.o \

 	sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \

+	kexgssc.o \

 	platform-pledge.o platform-tracing.o platform-misc.o

@@ -114,7 +115,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \

 	auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \

 	auth2-none.o auth2-passwd.o auth2-pubkey.o \

 	monitor.o monitor_wrap.o auth-krb5.o \

-	auth2-gss.o gss-serv.o gss-serv-krb5.o \

+	auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \

 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \

 	sftp-server.o sftp-common.o \

 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \

diff --git a/auth.c b/auth.c

index 332b6220..7664aaac 100644

--- a/auth.c

+++ b/auth.c

@@ -399,7 +399,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)

 	case PERMIT_NO_PASSWD:

 		if (strcmp(method, "publickey") == 0 ||

 		    strcmp(method, "hostbased") == 0 ||

-		    strcmp(method, "gssapi-with-mic") == 0)

+		    strcmp(method, "gssapi-with-mic") == 0 ||

+		    strcmp(method, "gssapi-keyex") == 0)

 			return 1;

 		break;

 	case PERMIT_FORCED_ONLY:

@@ -723,99 +724,6 @@ fakepw(void)

 	return (&fake);

 }

-/*

- * Returns the remote DNS hostname as a string. The returned string must not

- * be freed. NB. this will usually trigger a DNS query the first time it is

- * called.

- * This function does additional checks on the hostname to mitigate some

- * attacks on legacy rhosts-style authentication.

- * XXX is RhostsRSAAuthentication vulnerable to these?

- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)

- */

-

-static char *

-remote_hostname(struct ssh *ssh)

-{

-	struct sockaddr_storage from;

-	socklen_t fromlen;

-	struct addrinfo hints, *ai, *aitop;

-	char name[NI_MAXHOST], ntop2[NI_MAXHOST];

-	const char *ntop = ssh_remote_ipaddr(ssh);

-

-	/* Get IP address of client. */

-	fromlen = sizeof(from);

-	memset(&from, 0, sizeof(from));

-	if (getpeername(ssh_packet_get_connection_in(ssh),

-	    (struct sockaddr *)&from, &fromlen) < 0) {

-		debug("getpeername failed: %.100s", strerror(errno));

-		return strdup(ntop);

-	}

-

-	ipv64_normalise_mapped(&from, &fromlen);

-	if (from.ss_family == AF_INET6)

-		fromlen = sizeof(struct sockaddr_in6);

-

-	debug3("Trying to reverse map address %.100s.", ntop);

-	/* Map the IP address to a host name. */

-	if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),

-	    NULL, 0, NI_NAMEREQD) != 0) {

-		/* Host name not found.  Use ip address. */

-		return strdup(ntop);

-	}

-

-	/*

-	 * if reverse lookup result looks like a numeric hostname,

-	 * someone is trying to trick us by PTR record like following:

-	 *	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5

-	 */

-	memset(&hints, 0, sizeof(hints));

-	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/

-	hints.ai_flags = AI_NUMERICHOST;

-	if (getaddrinfo(name, NULL, &hints, &ai) == 0) {

-		logit("Nasty PTR record \"%s\" is set up for %s, ignoring",

-		    name, ntop);

-		freeaddrinfo(ai);

-		return strdup(ntop);

-	}

-

-	/* Names are stored in lowercase. */

-	lowercase(name);

-

-	/*

-	 * Map it back to an IP address and check that the given

-	 * address actually is an address of this host.  This is

-	 * necessary because anyone with access to a name server can

-	 * define arbitrary names for an IP address. Mapping from

-	 * name to IP address can be trusted better (but can still be

-	 * fooled if the intruder has access to the name server of

-	 * the domain).

-	 */

-	memset(&hints, 0, sizeof(hints));

-	hints.ai_family = from.ss_family;

-	hints.ai_socktype = SOCK_STREAM;

-	if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {

-		logit("reverse mapping checking getaddrinfo for %.700s "

-		    "[%s] failed.", name, ntop);

-		return strdup(ntop);

-	}

-	/* Look for the address from the list of addresses. */

-	for (ai = aitop; ai; ai = ai->ai_next) {

-		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,

-		    sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&

-		    (strcmp(ntop, ntop2) == 0))

-				break;

-	}

-	freeaddrinfo(aitop);

-	/* If we reached the end of the list, the address was not there. */

-	if (ai == NULL) {

-		/* Address not found for the host name. */

-		logit("Address %.100s maps to %.600s, but this does not "

-		    "map back to the address.", ntop, name);

-		return strdup(ntop);

-	}

-	return strdup(name);

-}

-

 /*

  * Return the canonical name of the host in the other side of the current

  * connection.  The host name is cached, so it is efficient to call this

diff --git a/auth2-gss.c b/auth2-gss.c

index 9351e042..d6446c0c 100644

--- a/auth2-gss.c

+++ b/auth2-gss.c

@@ -1,7 +1,7 @@

 /* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */

 /*

- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.

+ * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.

  *

  * Redistribution and use in source and binary forms, with or without

  * modification, are permitted provided that the following conditions

@@ -54,6 +54,48 @@ static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh);

 static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh);

 static int input_gssapi_errtok(int, u_int32_t, struct ssh *);

+/*

+ * The 'gssapi_keyex' userauth mechanism.

+ */

+static int

+userauth_gsskeyex(struct ssh *ssh)

+{

+	Authctxt *authctxt = ssh->authctxt;

+	int r, authenticated = 0;

+	struct sshbuf *b = NULL;

+	gss_buffer_desc mic, gssbuf;

+	u_char *p;

+	size_t len;

+

+	if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||

+	    (r = sshpkt_get_end(ssh)) != 0)

+		fatal("%s: %s", __func__, ssh_err(r));

+

+	if ((b = sshbuf_new()) == NULL)

+		fatal("%s: sshbuf_new failed", __func__);

+

+	mic.value = p;

+	mic.length = len;

+

+	ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,

+	    "gssapi-keyex");

+

+	if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)

+		fatal("%s: sshbuf_mutable_ptr failed", __func__);

+	gssbuf.length = sshbuf_len(b);

+

+	/* gss_kex_context is NULL with privsep, so we can't check it here */

+	if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context,

+	    &gssbuf, &mic))))

+		authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,

+		    authctxt->pw, 1));

+

+	sshbuf_free(b);

+	free(mic.value);

+

+	return (authenticated);

+}

+

 /*

  * We only support those mechanisms that we know about (ie ones that we know

  * how to check local user kuserok and the like)

@@ -260,7 +302,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)

 	if ((r = sshpkt_get_end(ssh)) != 0)

 		fatal("%s: %s", __func__, ssh_err(r));

-	authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));

+	authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,

+	    authctxt->pw, 1));

 	if ((!use_privsep || mm_is_monitor()) &&

 	    (displayname = ssh_gssapi_displayname()) != NULL)

@@ -306,7 +349,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)

 	gssbuf.length = sshbuf_len(b);

 	if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))

-		authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));

+		authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,

+		    authctxt->pw, 0));

 	else

 		logit("GSSAPI MIC check failed");

@@ -326,6 +370,12 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)

 	return 0;

 }

+Authmethod method_gsskeyex = {

+	"gssapi-keyex",

+	userauth_gsskeyex,

+	&options.gss_authentication

+};

+

 Authmethod method_gssapi = {

 	"gssapi-with-mic",

 	userauth_gssapi,

diff --git a/auth2.c b/auth2.c

index 16ae1a36..7417eafa 100644

--- a/auth2.c

+++ b/auth2.c

@@ -75,6 +75,7 @@ extern Authmethod method_passwd;

 extern Authmethod method_kbdint;

 extern Authmethod method_hostbased;

 #ifdef GSSAPI

+extern Authmethod method_gsskeyex;

 extern Authmethod method_gssapi;

 #endif

@@ -82,6 +83,7 @@ Authmethod *authmethods[] = {

 	&method_none,

 	&method_pubkey,

 #ifdef GSSAPI

+	&method_gsskeyex,

 	&method_gssapi,

 #endif

 	&method_passwd,

diff --git a/canohost.c b/canohost.c

index f71a0856..404731d2 100644

--- a/canohost.c

+++ b/canohost.c

@@ -35,6 +35,99 @@

 #include "canohost.h"

 #include "misc.h"

+/*

+ * Returns the remote DNS hostname as a string. The returned string must not

+ * be freed. NB. this will usually trigger a DNS query the first time it is

+ * called.

+ * This function does additional checks on the hostname to mitigate some

+ * attacks on legacy rhosts-style authentication.

+ * XXX is RhostsRSAAuthentication vulnerable to these?

+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)

+ */

+

+char *

+remote_hostname(struct ssh *ssh)

+{

+	struct sockaddr_storage from;

+	socklen_t fromlen;

+	struct addrinfo hints, *ai, *aitop;

+	char name[NI_MAXHOST], ntop2[NI_MAXHOST];

+	const char *ntop = ssh_remote_ipaddr(ssh);

+

+	/* Get IP address of client. */

+	fromlen = sizeof(from);

+	memset(&from, 0, sizeof(from));

+	if (getpeername(ssh_packet_get_connection_in(ssh),

+	    (struct sockaddr *)&from, &fromlen) < 0) {

+		debug("getpeername failed: %.100s", strerror(errno));

+		return strdup(ntop);

+	}

+

+	ipv64_normalise_mapped(&from, &fromlen);

+	if (from.ss_family == AF_INET6)

+		fromlen = sizeof(struct sockaddr_in6);

+

+	debug3("Trying to reverse map address %.100s.", ntop);

+	/* Map the IP address to a host name. */

+	if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),

+	    NULL, 0, NI_NAMEREQD) != 0) {

+		/* Host name not found.  Use ip address. */

+		return strdup(ntop);

+	}

+

+	/*

+	 * if reverse lookup result looks like a numeric hostname,

+	 * someone is trying to trick us by PTR record like following:

+	 *	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5

+	 */

+	memset(&hints, 0, sizeof(hints));

+	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/

+	hints.ai_flags = AI_NUMERICHOST;

+	if (getaddrinfo(name, NULL, &hints, &ai) == 0) {

+		logit("Nasty PTR record \"%s\" is set up for %s, ignoring",

+		    name, ntop);

+		freeaddrinfo(ai);

+		return strdup(ntop);

+	}

+

+	/* Names are stored in lowercase. */

+	lowercase(name);

+

+	/*

+	 * Map it back to an IP address and check that the given

+	 * address actually is an address of this host.  This is

+	 * necessary because anyone with access to a name server can

+	 * define arbitrary names for an IP address. Mapping from

+	 * name to IP address can be trusted better (but can still be

+	 * fooled if the intruder has access to the name server of

+	 * the domain).

+	 */

+	memset(&hints, 0, sizeof(hints));

+	hints.ai_family = from.ss_family;

+	hints.ai_socktype = SOCK_STREAM;

+	if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {

+		logit("reverse mapping checking getaddrinfo for %.700s "

+		    "[%s] failed.", name, ntop);

+		return strdup(ntop);

+	}

+	/* Look for the address from the list of addresses. */

+	for (ai = aitop; ai; ai = ai->ai_next) {

+		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,

+		    sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&

+		    (strcmp(ntop, ntop2) == 0))

+				break;

+	}

+	freeaddrinfo(aitop);

+	/* If we reached the end of the list, the address was not there. */

+	if (ai == NULL) {

+		/* Address not found for the host name. */

+		logit("Address %.100s maps to %.600s, but this does not "

+		    "map back to the address.", ntop, name);

+		return strdup(ntop);

+	}

+	return strdup(name);

+}

+

 void

 ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)

 {

diff --git a/canohost.h b/canohost.h

index 26d62855..0cadc9f1 100644

--- a/canohost.h

+++ b/canohost.h

@@ -15,6 +15,9 @@

 #ifndef _CANOHOST_H

 #define _CANOHOST_H

+struct ssh;

+

+char		*remote_hostname(struct ssh *);

 char		*get_peer_ipaddr(int);

 int		 get_peer_port(int);

 char		*get_local_ipaddr(int);

diff --git a/clientloop.c b/clientloop.c

index 521467bd..a0578e9d 100644

--- a/clientloop.c

+++ b/clientloop.c

@@ -112,6 +112,10 @@

 #include "ssherr.h"

 #include "hostfile.h"

+#ifdef GSSAPI

+#include "ssh-gss.h"

+#endif

+

 /* import options */

 extern Options options;

@@ -1374,9 +1378,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,

 			break;

 		/* Do channel operations unless rekeying in progress. */

-		if (!ssh_packet_is_rekeying(ssh))

+		if (!ssh_packet_is_rekeying(ssh)) {

 			channel_after_select(ssh, readset, writeset);

+#ifdef GSSAPI

+			if (options.gss_renewal_rekey &&

+			    ssh_gssapi_credentials_updated(NULL)) {

+				debug("credentials updated - forcing rekey");

+				need_rekeying = 1;

+			}

+#endif

+		}

+

 		/* Buffer input from the connection.  */

 		client_process_net_input(ssh, readset);

diff --git a/configure.ac b/configure.ac

index 30be6c18..2869f704 100644

--- a/configure.ac

+++ b/configure.ac

@@ -665,6 +665,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))

 	    [Use tunnel device compatibility to OpenBSD])

 	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],

 	    [Prepend the address family to IP tunnel traffic])

+	AC_MSG_CHECKING([if we have the Security Authorization Session API])

+	AC_TRY_COMPILE([#include <Security/AuthSession.h>],

+		[SessionCreate(0, 0);],

+		[ac_cv_use_security_session_api="yes"

+		 AC_DEFINE([USE_SECURITY_SESSION_API], [1],

+			[platform has the Security Authorization Session API])

+		 LIBS="$LIBS -framework Security"

+		 AC_MSG_RESULT([yes])],

+		[ac_cv_use_security_session_api="no"

+		 AC_MSG_RESULT([no])])

+	AC_MSG_CHECKING([if we have an in-memory credentials cache])

+	AC_TRY_COMPILE(

+		[#include <Kerberos/Kerberos.h>],

+		[cc_context_t c;

+		 (void) cc_initialize (&c, 0, NULL, NULL);],

+		[AC_DEFINE([USE_CCAPI], [1],

+			[platform uses an in-memory credentials cache])

+		 LIBS="$LIBS -framework Security"

+		 AC_MSG_RESULT([yes])

+		 if test "x$ac_cv_use_security_session_api" = "xno"; then

+			AC_MSG_ERROR([*** Need a security framework to use the credentials cache API ***])

+		fi],

+		[AC_MSG_RESULT([no])]

+	)

 	m4_pattern_allow([AU_IPv])

 	AC_CHECK_DECL([AU_IPv4], [],

 	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])

diff --git a/gss-genr.c b/gss-genr.c

index d56257b4..3eaa5fa5 100644

--- a/gss-genr.c

+++ b/gss-genr.c

@@ -1,7 +1,7 @@

 /* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */

 /*

- * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.

+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.

  *

  * Redistribution and use in source and binary forms, with or without

  * modification, are permitted provided that the following conditions

@@ -41,12 +41,36 @@

 #include "sshbuf.h"

 #include "log.h"

 #include "ssh2.h"

+#include "cipher.h"

+#include "sshkey.h"

+#include "kex.h"

+#include "digest.h"

+#include "packet.h"

 #include "ssh-gss.h"

 extern u_char *session_id2;

 extern u_int session_id2_len;

+typedef struct {

+	char *encoded;

+	gss_OID oid;

+} ssh_gss_kex_mapping;

+

+/*

+ * XXX - It would be nice to find a more elegant way of handling the

+ * XXX   passing of the key exchange context to the userauth routines

+ */

+

+Gssctxt *gss_kex_context = NULL;

+

+static ssh_gss_kex_mapping *gss_enc2oid = NULL;

+

+int

+ssh_gssapi_oid_table_ok(void) {

+	return (gss_enc2oid != NULL);

+}

+

 /* sshbuf_get for gss_buffer_desc */

 int

 ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)

@@ -62,6 +86,161 @@ ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)

 	return 0;

 }

+/* sshpkt_get of gss_buffer_desc */

+int

+ssh_gssapi_sshpkt_get_buffer_desc(struct ssh *ssh, gss_buffer_desc *g)

+{

+	int r;

+	u_char *p;

+	size_t len;

+

+	if ((r = sshpkt_get_string(ssh, &p, &len)) != 0)

+		return r;

+	g->value = p;

+	g->length = len;

+	return 0;

+}

+

+/*

+ * Return a list of the gss-group1-sha1 mechanisms supported by this program

+ *

+ * We test mechanisms to ensure that we can use them, to avoid starting

+ * a key exchange with a bad mechanism

+ */

+

+char *

+ssh_gssapi_client_mechanisms(const char *host, const char *client,

+    const char *kex) {

+	gss_OID_set gss_supported = NULL;

+	OM_uint32 min_status;

+

+	if (GSS_ERROR(gss_indicate_mechs(&min_status, &gss_supported)))

+		return NULL;

+

+	return ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism,

+	    host, client, kex);

+}

+

+char *

+ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,

+    const char *host, const char *client, const char *kex) {

+	struct sshbuf *buf = NULL;

+	size_t i;

+	int r, oidpos, enclen;

+	char *mechs, *encoded;

+	u_char digest[SSH_DIGEST_MAX_LENGTH];

+	char deroid[2];

+	struct ssh_digest_ctx *md = NULL;

+	char *s, *cp, *p;

+

+	if (gss_enc2oid != NULL) {

+		for (i = 0; gss_enc2oid[i].encoded != NULL; i++)

+			free(gss_enc2oid[i].encoded);

+		free(gss_enc2oid);

+	}

+

+	gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) *

+	    (gss_supported->count + 1));

+

+	if ((buf = sshbuf_new()) == NULL)

+		fatal("%s: sshbuf_new failed", __func__);

+

+	oidpos = 0;

+	s = cp = xstrdup(kex);

+	for (i = 0; i < gss_supported->count; i++) {

+		if (gss_supported->elements[i].length < 128 &&

+		    (*check)(NULL, &(gss_supported->elements[i]), host, client)) {

+

+			deroid[0] = SSH_GSS_OIDTYPE;

+			deroid[1] = gss_supported->elements[i].length;

+

+			if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||

+			    (r = ssh_digest_update(md, deroid, 2)) != 0 ||

+			    (r = ssh_digest_update(md,

+			        gss_supported->elements[i].elements,

+			        gss_supported->elements[i].length)) != 0 ||

+			    (r = ssh_digest_final(md, digest, sizeof(digest))) != 0)

+				fatal("%s: digest failed: %s", __func__,

+				    ssh_err(r));

+			ssh_digest_free(md);

+			md = NULL;

+

+			encoded = xmalloc(ssh_digest_bytes(SSH_DIGEST_MD5)

+			    * 2);

+			enclen = __b64_ntop(digest,

+			    ssh_digest_bytes(SSH_DIGEST_MD5), encoded,

+			    ssh_digest_bytes(SSH_DIGEST_MD5) * 2);

+

+			cp = strncpy(s, kex, strlen(kex));

+			for ((p = strsep(&cp, ",")); p && *p != '\0';

+				(p = strsep(&cp, ","))) {

+				if (sshbuf_len(buf) != 0 &&

+				    (r = sshbuf_put_u8(buf, ',')) != 0)

+					fatal("%s: sshbuf_put_u8 error: %s",

+					    __func__, ssh_err(r));

+				if ((r = sshbuf_put(buf, p, strlen(p))) != 0 ||

+				    (r = sshbuf_put(buf, encoded, enclen)) != 0)

+					fatal("%s: sshbuf_put error: %s",

+					    __func__, ssh_err(r));

+			}

+

+			gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);

+			gss_enc2oid[oidpos].encoded = encoded;

+			oidpos++;

+		}

+	}

+	free(s);

+	gss_enc2oid[oidpos].oid = NULL;

+	gss_enc2oid[oidpos].encoded = NULL;

+

+	if ((mechs = sshbuf_dup_string(buf)) == NULL)

+		fatal("%s: sshbuf_dup_string failed", __func__);

+

+	sshbuf_free(buf);

+

+	if (strlen(mechs) == 0) {

+		free(mechs);

+		mechs = NULL;

+	}

+

+	return (mechs);

+}

+

+gss_OID

+ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int kex_type) {

+	int i = 0;

+

+#define SKIP_KEX_NAME(type) \

+	case type: \

+		if (strlen(name) < sizeof(type##_ID)) \

+			return GSS_C_NO_OID; \

+		name += sizeof(type##_ID) - 1; \

+		break;

+

+	switch (kex_type) {

+	SKIP_KEX_NAME(KEX_GSS_GRP1_SHA1)

+	SKIP_KEX_NAME(KEX_GSS_GRP14_SHA1)

+	SKIP_KEX_NAME(KEX_GSS_GRP14_SHA256)

+	SKIP_KEX_NAME(KEX_GSS_GRP16_SHA512)

+	SKIP_KEX_NAME(KEX_GSS_GEX_SHA1)

+	SKIP_KEX_NAME(KEX_GSS_NISTP256_SHA256)

+	SKIP_KEX_NAME(KEX_GSS_C25519_SHA256)

+	default:

+		return GSS_C_NO_OID;

+	}

+

+#undef SKIP_KEX_NAME

+

+	while (gss_enc2oid[i].encoded != NULL &&

+	    strcmp(name, gss_enc2oid[i].encoded) != 0)

+		i++;

+

+	if (gss_enc2oid[i].oid != NULL && ctx != NULL)

+		ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);

+

+	return gss_enc2oid[i].oid;

+}

+

 /* Check that the OID in a data stream matches that in the context */

 int

 ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)

@@ -218,7 +397,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,

 	}

 	ctx->major = gss_init_sec_context(&ctx->minor,

-	    GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,

+	    ctx->client_creds, &ctx->context, ctx->name, ctx->oid,

 	    GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,

 	    0, NULL, recv_tok, NULL, send_tok, flags, NULL);

@@ -247,9 +426,43 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)

 	return (ctx->major);

 }

+OM_uint32

+ssh_gssapi_client_identity(Gssctxt *ctx, const char *name)

+{

+	gss_buffer_desc gssbuf;

+	gss_name_t gssname;

+	OM_uint32 status;

+	gss_OID_set oidset;

+

+	gssbuf.value = (void *) name;

+	gssbuf.length = strlen(gssbuf.value);

+

+	gss_create_empty_oid_set(&status, &oidset);

+	gss_add_oid_set_member(&status, ctx->oid, &oidset);

+

+	ctx->major = gss_import_name(&ctx->minor, &gssbuf,

+	    GSS_C_NT_USER_NAME, &gssname);

+

+	if (!ctx->major)

+		ctx->major = gss_acquire_cred(&ctx->minor,

+		    gssname, 0, oidset, GSS_C_INITIATE,

+		    &ctx->client_creds, NULL, NULL);

+

+	gss_release_name(&status, &gssname);

+	gss_release_oid_set(&status, &oidset);

+

+	if (ctx->major)

+		ssh_gssapi_error(ctx);

+

+	return(ctx->major);

+}

+

 OM_uint32

 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)

 {

+	if (ctx == NULL)

+		return -1;

+

 	if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,

 	    GSS_C_QOP_DEFAULT, buffer, hash)))

 		ssh_gssapi_error(ctx);

@@ -257,6 +470,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)

 	return (ctx->major);

 }

+/* Priviledged when used by server */

+OM_uint32

+ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)

+{

+	if (ctx == NULL)

+		return -1;

+

+	ctx->major = gss_verify_mic(&ctx->minor, ctx->context,

+	    gssbuf, gssmic, NULL);

+

+	return (ctx->major);

+}