GSSAPI Key Exchange Patch
Damien Miller
djm at mindrot.org
Fri Nov 16 19:25:04 EST 2007
On Thu, 15 Nov 2007, petesea at bigfoot.com wrote:
> Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into
> the OpenSSH source?
As far as I know, none of the current core OpenSSH developers are in
favour of adding it.
> http://www.sxw.org.uk/computing/patches/openssh.html
>
> I'm sure I'm not the only one that uses it and would like to see it become
> part of the OpenSSH source. Is there something missing or is there some
> technical/philosophical reason for not including it?
Yes - we are very scared of adding features that lead to more
pre-authentication attack surface, especially when they delegate to
complex libraries with patchy security histories.
-d
More information about the openssh-unix-dev
mailing list