OpenSSH 3.7 testing (Re: 3.6p1 bug on SCO OpenServer)
sxw at inf.ed.ac.uk
sxw at inf.ed.ac.uk
Wed Sep 17 06:05:08 EST 2003
On Sat, 13 Sep 2003, Colin Watson wrote:
> Am I right in saying that Kerberos V support has been completely merged?
> I'd like to get rid of our separate patched openssh-krb5 source package
> if possible, although I think we'll still need a separate build for
> Kerberos to avoid unwanted library linkage.
It's only been partially merged. Basically Kerberos authentication as part
of the user authentication process is there, but using Kerberos to secure
the initial key exchange isn't.
Smaller organisations, and those which already maintain and distribute
ssh_known_hosts maps, should find that the userauth support is sufficient.
Those that wish to use Kerberos to avoid the overheads of managing ssh
host keys will need key exchange support.
I intend on continuing to maintain my patches for key exchange support.
However, note that due to protocol changes, simply forward porting my
current patches to 3.7p1 is strongly discouraged. A new set of patches
will be available shortly.
Cheers,
Simon.
More information about the openssh-unix-dev
mailing list