Pending OpenSSH release: contains Kerberos/GSSAPI changes
Darren Tucker
dtucker at zip.com.au
Thu Jan 22 12:46:01 EST 2004
(I hope this message is appropriate for these lists. If not, please
tell me and I won't do it again.)
Hi All.
There will be a new release of OpenSSH in a couple of weeks. This
release contains Kerberos and GSSAPI related changes that we would like
to get some feedback about (and hopefully address any issues with)
before the release.
I encourage anyone with an interest in Kerberos/GSSAPI support in
OpenSSH to try a snapshot [1] and send feedback.
Changes in OpenBSD's OpenSSH and -Portable:
- markus at cvs.openbsd.org 2003/11/17 11:06:07
replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
test + ok jakob.
- jakob at cvs.openbsd.org 2003/12/23 16:12:10
implement KerberosGetAFSToken server option. ok markus@, beck@
- markus at cvs.openbsd.org 2003/11/02 11:01:03
remove support for SSH_BUG_GSSAPI_BER; simon at sxw.org.uk
Changes in -Portable only
- (dtucker) Only enable KerberosGetAFSToken if Heimdal's libkafs
is found. with jakob@
- (dtucker) [configure.ac] Use krb5-config where available for
Kerberos/GSSAPI detection, libs and includes. ok djm@
Additionally, as a side effect of the last change, the test for libkafs
is now independant of the Heimdal test, so should a version that works
with MIT Kerberos be available it will be used.
All but the last are in the 20040122 snapshot, and the last will be in
20040123 and up.
Please follow-up to the OpenSSH devel list (cc: the Kerberos lists if
you consider it appropriate).
[1] ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/snapshot/ or
one of the mirrors listed at http://openssh.com/portable.html#mirrors
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list