GSSAPI Key Exchange Patch

Stephen Frost sfrost at
Fri Nov 16 12:39:26 EST 2007


* petesea at (petesea at wrote:
> I'm sure I'm not the only one that uses it and would like to see it become 
> part of the OpenSSH source.  Is there something missing or is there some 
> technical/philosophical reason for not including it?

We'd also like to see it incorporated.  It's unfortunate that it
continues to be an ordeal to get proper GSSAPI support for OpenSSH even
with all of Simon's hard work.  I havn't been following the IETF/RFC
draft process lately but I thought getting that finalized, including
GSSAPI server auth, was the remaining hoop GSSAPI and Kerberos
supporters had to jump through to get this incorporated upstream (and I
thought people were working on it, but it does seem like it's been quite
a while now..).

Certainly one thing we're thankful for is that Debian has Simon's patch
incorporated, and has for quite some time now.  I suppose, sadly, that
it's probably one of the reasons people havn't been more vocal about
getting it incorporated upstream.  In fact, looking back, it was
incorporated in the September 14th, 2005 upload to Debian of version
1:4.2p1-2, and Colin credited me for asking for it in the changelog. :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : 

More information about the openssh-unix-dev mailing list