krb5 support

Mike Fisk mfisk at
Fri Dec 3 03:14:35 EST 1999

On Thu, 2 Dec 1999, Dug Song wrote:

> imo, i don't think we should be extending the protocol at all. the only
> exception i could see to that would be GSS-API support, which would
> (theoretically, anyhow) be the last security flavor we'd ever have to add
> (too bad it's so unwieldy and relatively unused).

As far as I can tell, GSS-API has no mechanism for negotiating supported
authentication types.  It is purely a way for clients and servers to
interface with authentication libraries and pass credentials across the

It seems to be mainly used as a way to include Kerberos support.

Mike Fisk                   | (505)667-5119 | MS B255
Network Engineering (CIC-5) |               | Los Alamos National Lab
mfisk at              | FAX: 665-7793 | Los Alamos, NM  87545

More information about the openssh-unix-dev mailing list