krb5 support
Mike Fisk
mfisk at lanl.gov
Fri Dec 3 03:14:35 EST 1999
On Thu, 2 Dec 1999, Dug Song wrote:
> imo, i don't think we should be extending the protocol at all. the only
> exception i could see to that would be GSS-API support, which would
> (theoretically, anyhow) be the last security flavor we'd ever have to add
> (too bad it's so unwieldy and relatively unused).
As far as I can tell, GSS-API has no mechanism for negotiating supported
authentication types. It is purely a way for clients and servers to
interface with authentication libraries and pass credentials across the
wire.
It seems to be mainly used as a way to include Kerberos support.
=====================================================================
Mike Fisk | (505)667-5119 | MS B255
Network Engineering (CIC-5) | | Los Alamos National Lab
mfisk at lanl.gov | FAX: 665-7793 | Los Alamos, NM 87545
More information about the openssh-unix-dev
mailing list