updated gssapi diff
Frank Cusack
fcusack at fcusack.com
Mon Aug 11 19:54:29 EST 2003
On Mon, Aug 11, 2003 at 09:50:50AM +0200, Markus Friedl wrote:
> On Sun, Aug 10, 2003 at 04:43:52PM +0200, Jakob Schlyter wrote:
> > this is the proposed gssapi diff against OpenSSH-current (non-portable).
> >
> > note: if this goes in, the old krb5 auth (ssh.com compatible) will be
> > removed.
> >
> > please comment.
>
> how can i disallow gssapi based authentication if the underlying
> kerberos uses DES for example?
You could prevent the underlying kerberos from using DES. If you don't
have a DES host/HOSTNAME key (or ssh/HOSTNAME key) you prevent the use
of DES. Doing it within gssapi is also possible, but more complex.
/fc
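
As an added example (not part of the original message or of OpenSSH), one way to check the condition described in the reply is to audit the host keytab for single-DES `host/` or `ssh/` keys. It assumes the listing comes from MIT Kerberos `klist -k -e`; the sample output, hostnames and function names are constructed for illustration.

```python
import re

# Constructed sample of MIT `klist -k -e` output (not from the original post).
SAMPLE = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/server.example.com@EXAMPLE.COM (des-cbc-crc)
   3 host/server.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 ssh/server.example.com@EXAMPLE.COM (DEPRECATED:des-cbc-md5)
   5 nfs/server.example.com@EXAMPLE.COM (des-cbc-crc)
   4 host/other.example.com@EXAMPLE.COM (des3-cbc-sha1)
"""

# One keytab entry: KVNO, principal, then the enctype in parentheses.
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([^)]+)\)\s*$")

# Service names the reply mentions: host/HOSTNAME and ssh/HOSTNAME.
SSH_SERVICES = ("host", "ssh")


def is_single_des(enctype):
    """True for single-DES enctypes (des-cbc-crc, des-cbc-md5, ...), not des3-*."""
    name = enctype.lower()
    if name.startswith("deprecated:"):  # newer klist versions add this prefix
        name = name[len("deprecated:"):]
    return name.startswith("des-")


def des_service_keys(klist_output, services=SSH_SERVICES):
    """Return (principal, kvno, enctype) for each single-DES key of the given services."""
    findings = []
    for line in klist_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, separator or blank line
        kvno, principal, enctype = int(m.group(1)), m.group(2), m.group(3)
        service = principal.split("/", 1)[0]
        if service in services and is_single_des(enctype):
            findings.append((principal, kvno, enctype))
    return findings


if __name__ == "__main__":
    for principal, kvno, enctype in des_service_keys(SAMPLE):
        print(f"DES key present: {principal} kvno={kvno} enctype={enctype}")
```

An empty result means the keytab holds no single-DES key for the services sshd would accept tickets for.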