Pending OpenSSH release: contains Kerberos/GSSAPI changes

sxw at inf.ed.ac.uk sxw at inf.ed.ac.uk
Fri Jan 23 03:03:15 EST 2004


On Thu, 22 Jan 2004, Douglas E. Engert wrote:

> We are using using Simon's current mods with the "gssapi" method. 
> The new code implements the "gssapi-with-mic". I don't see a transition
> stratagy to get from using "gssapi" to get to using "gssapi-with-mic",
> other then to update all clients and servers at the same time. 
> (The SecurtCRT for Windows, does appear to work with either.)

There is no transition strategy in the OpenSSH code, nor do I think there 
should be one. 

I will probably provide _for this release only_ patches which allow sites 
to enable 'gssapi' authentication for backwards compatibility. Those sites 
will generally have been using my patches anyway, so I don't see any 
problem with this existing outside the main code base.

Cheers,

Simon.





More information about the openssh-unix-dev mailing list