Curious about final KRB5/GSSAPI patch inclusion.

Carson Gaspar carson at
Sun May 19 15:43:59 EST 2002

--On Saturday, May 18, 2002 1:24 PM +0200 Daniel Kouril 
<kouril at> wrote:

> Thus, the same openssh binary compiled with
> GSS-API support can work either with krb5 or X.509 authentication -- the
> only thing you have to do is supply the rigth gssapi library. And when
> some more sophisticated implementation of gss library is available (I
> mean mechglue or something similar), more different methods could be used
> with the same GSS code at once.

Ummm... sort-of. GSS-API is _not_ an ABI (binary interface), it's an source 
level API. And each underlying method uses different datatypes. So 
combining more than one in the same binary is non-trivial. And you can't 
just add a new .o - you have to recompile everything that references a 
GSS-API datatype. Feh.

Of course, my GSS-API knowledge is a bit stale, so it's possible they've 
fixed something. But it definitely used to suck.


More information about the openssh-unix-dev mailing list