Pending OpenSSH release: contains Kerberos/GSSAPI changes

Steven Michaud smichaud at pobox.com
Fri Jan 23 04:35:54 EST 2004


 > There is no transition strategy in the OpenSSH code, nor do I think
 > there should be one.

Why not?

On Thu Jan 22 16:03:15 MST 2004, Simon Wilkinson wrote:

> On Thu, 22 Jan 2004, Douglas E. Engert wrote:
> 
>> We are using using Simon's current mods with the "gssapi" method. 
>> The new code implements the "gssapi-with-mic". I don't see a transition
>> stratagy to get from using "gssapi" to get to using "gssapi-with-mic",
>> other then to update all clients and servers at the same time. 
>> (The SecurtCRT for Windows, does appear to work with either.)
> 
> There is no transition strategy in the OpenSSH code, nor do I think there 
> should be one. 
> 
> I will probably provide _for this release only_ patches which allow sites 
> to enable 'gssapi' authentication for backwards compatibility. Those sites 
> will generally have been using my patches anyway, so I don't see any 
> problem with this existing outside the main code base.
> 
> Cheers,
> 
> Simon.





More information about the openssh-unix-dev mailing list