Kerberos and OpenSSH - Was:Kerberos password auth/expiry kbdint patch
Stephen Frost
sfrost at snowman.net
Fri May 16 21:54:38 EST 2003
* Markus Friedl (markus at openbsd.org) wrote:
> On Fri, May 16, 2003 at 02:20:09AM +0100, Simon Wilkinson wrote:
> > The protocol v1 code returns a response packet from the server to the
> > client. The v2 code doesn't do this (AIUI the kerberos-2 protocol
> > doesn't support it), and so can't perform mutual authentication.
>
> SSH already provides server authentication.
That's crap, plain and simple. SSH should not pretend to be doing
Kerberos authentication while really not. Either support proper
Kerberos or don't and we'll continue to use Simon's patches which
provide proper Kerberos support. It's a shame that SSH can't manage to
do proper Kerberos support but pretending like it does when it doesn't
is *much* worse.
Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030516/e83e34fb/attachment.bin
More information about the openssh-unix-dev
mailing list