1.2.26-compat Kerberos support
John Hawkinson
jhawk at MIT.EDU
Fri Nov 23 05:02:32 EST 2001
Markus Friedl <markus at openbsd.org> wrote on Thu, 22 Nov 2001
at 13:11:38 +0100 in <20011122131137.A24198 at faui02.informatik.uni-erlangen.de>:
> why do you need to touch these files? for MIT K5? or
> for adding back the told ticket passing behaviour?
For adding support for both ticket passing behavor, yes. The MIT k5
patches do touch many of the same files, but I believe that list is all
necessary for supporting both ways of doing tgt passing.
> i have no string opinion about whether the AFS/Kerb tickets
> should be passed before or after authentication, however
> i'd prefer to have it _one_ way, not multiple ways.
Well, I would be rather concerned with breaking compatibility.
Most important, I think, is compatibility with 1.2.26, since that is the
deployed base that I see the most of. That means that the server
needs to accept ticket passing before authentication, and the client
to send the ticket before authenticated.
I would be loathe to break compatibility with 2.9.x and not support
a 2.9.x client with a 3.0.2 server. Do you really think that is acceptable?
--jhawk
More information about the openssh-unix-dev
mailing list