Pending OpenSSH release: contains Kerberos/GSSAPI changes

Douglas E. Engert deengert at
Fri Jan 23 07:02:32 EST 2004

sxw at wrote:
> On Thu, 22 Jan 2004, Steven Michaud wrote:
> >  > There is no transition strategy in the OpenSSH code, nor do I think
> >  > there should be one.
> >
> > Why not?
> Because 'gssapi' support has only been in one release of OpenSSH, with its
> use specifically discouraged in the release notes.
> Those sites making extensive use of 'gssapi' are already likely to be
> running patched servers. I don't think its excessive to expect them to
> also patch the next OpenSSH release for backwards compatibility, and it
> avoids confusing 'new' users with two different GSSAPI options, one of
> which is less secure.

Simon, I accept your argument. 

I also now have some local mods working that can recognize our older 
OpenSSH clients and servers which have the gssapi patches, and operate
without the MIC. This will let us do an orderly upgrade.  

> Cheers,
> Simon.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at


 Douglas E. Engert  <DEEngert at>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the openssh-unix-dev mailing list