Some GSSAPI/Kerberos Questions
Phil Dibowitz
phil at ipom.com
Tue Feb 10 08:51:13 EST 2004
After reading some more from the archives, a private email, and some
general research, I see that KerbV support has been dropped in favor
of GSSAPI.
Which is fine, and wonderful, I support GSSAPI.
But, erm, the announcement says, "This release contains some GSSAPI
user authentication support to replace legacy KerberosV authentication
support. At present this code is still considered experimental and
SHOULD NOT BE USED."
Confidence inspiring! =)
At USC, we are currently using (patched) 3.6.1p2 which has TGT passing
support in kerb1, which is kinda nice - but doesn't seem to work right
with kerberos password authentication via pam. 3.7.1p2 seems to
support the latter, but drops the former.
For those who have used the GSSAPI stuf in 3.7.1 - have you found it
stable?
When is this code supposed to be considered stable?
I don't seem to see a way to use/try this code at all. I don't see any
docs on it anywhere... am I being blind?
Thanks,
--
Phil Dibowitz phil at ipom.com
Freeware and Technical Pages Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040209/191b42ef/attachment.bin
More information about the openssh-unix-dev
mailing list