Pending OpenSSH release: contains Kerberos/GSSAPI changes

sxw at sxw at
Fri Jan 23 04:42:19 EST 2004

On Thu, 22 Jan 2004, Steven Michaud wrote:

>  > There is no transition strategy in the OpenSSH code, nor do I think
>  > there should be one.
> Why not?

Because 'gssapi' support has only been in one release of OpenSSH, with its 
use specifically discouraged in the release notes. 

Those sites making extensive use of 'gssapi' are already likely to be 
running patched servers. I don't think its excessive to expect them to 
also patch the next OpenSSH release for backwards compatibility, and it 
avoids confusing 'new' users with two different GSSAPI options, one of 
which is less secure.



More information about the openssh-unix-dev mailing list