Pending OpenSSH release: contains Kerberos/GSSAPI changes
sxw at inf.ed.ac.uk
sxw at inf.ed.ac.uk
Fri Jan 23 04:42:19 EST 2004
On Thu, 22 Jan 2004, Steven Michaud wrote:
> > There is no transition strategy in the OpenSSH code, nor do I think
> > there should be one.
>
> Why not?
Because 'gssapi' support has only been in one release of OpenSSH, with its
use specifically discouraged in the release notes.
Those sites making extensive use of 'gssapi' are already likely to be
running patched servers. I don't think its excessive to expect them to
also patch the next OpenSSH release for backwards compatibility, and it
avoids confusing 'new' users with two different GSSAPI options, one of
which is less secure.
Cheers,
Simon.
More information about the openssh-unix-dev
mailing list