Kerberos and OpenSSH - Was:Kerberos password auth/expiry kbdint patch

Simon Wilkinson sxw at
Fri May 16 17:42:38 EST 2003

On Fri, 16 May 2003, Markus Friedl wrote:
> SSH already provides server authentication.

Indeed, but only if the user correctly manages the ssh key information.
Doing mutual authentication at the Kerberos layer can add additional
assurance. IMHO, you're mis-using the Kerberos protocol by discarding the
mutual auth packet.  Lack of support for mutual authentication is
one of the reasons cited in the IETF minutes for not adopting the
kerberos-2 protocol.



More information about the openssh-unix-dev mailing list