Pending OpenSSH release: contains Kerberos/GSSAPI changes
Douglas E. Engert
deengert at anl.gov
Fri Jan 23 07:02:32 EST 2004
sxw at inf.ed.ac.uk wrote:
>
> On Thu, 22 Jan 2004, Steven Michaud wrote:
>
> > > There is no transition strategy in the OpenSSH code, nor do I think
> > > there should be one.
> >
> > Why not?
>
> Because 'gssapi' support has only been in one release of OpenSSH, with its
> use specifically discouraged in the release notes.
>
> Those sites making extensive use of 'gssapi' are already likely to be
> running patched servers. I don't think its excessive to expect them to
> also patch the next OpenSSH release for backwards compatibility, and it
> avoids confusing 'new' users with two different GSSAPI options, one of
> which is less secure.
Simon, I accept your argument.
I also now have some local mods working that can recognize our older
OpenSSH clients and servers which have the gssapi patches, and operate
without the MIC. This will let us do an orderly upgrade.
>
> Cheers,
>
> Simon.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the openssh-unix-dev
mailing list