Pending OpenSSH release: contains Kerberos/GSSAPI changes

Douglas E. Engert deengert at anl.gov
Fri Jan 23 03:26:03 EST 2004



sxw at inf.ed.ac.uk wrote:
> 
> On Thu, 22 Jan 2004, Douglas E. Engert wrote:
> 
> > We are using using Simon's current mods with the "gssapi" method.
> > The new code implements the "gssapi-with-mic". I don't see a transition
> > stratagy to get from using "gssapi" to get to using "gssapi-with-mic",
> > other then to update all clients and servers at the same time.
> > (The SecurtCRT for Windows, does appear to work with either.)
> 
> There is no transition strategy in the OpenSSH code, nor do I think there
> should be one.
> 
> I will probably provide _for this release only_ patches which allow sites
> to enable 'gssapi' authentication for backwards compatibility. Those sites
> will generally have been using my patches anyway, so I don't see any
> problem with this existing outside the main code base.

That sounds good to me. let me know if you have something to test. 

If it sounds like there are not many other sites with the same problem,
I will look to see if we could live with a strategy of running two sshd or 
providing two clients as we cut over to the new version.   
    
Thanks.

> 
> Cheers,
> 
> Simon.

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444




More information about the openssh-unix-dev mailing list