OpenSSH v3.8p1 fails to interoperate for GSSAPI (Kerberos) and X-Windows
Jim Carter
jimc at math.ucla.edu
Fri May 28 05:52:40 EST 2004
Damien Miller <djm at mindrot.org> wrote:
> The GSSAPI issue wouldn't have caused you as much pain if your Linux
> vendor hadn't added support for an unfinished protocol. Most other
> Linux vendors did the right thing and made the patch available as a
> compile time options, or as a clearly labelled separate package.
> If this same vendor is not providing you with the necessary support to
> retain compatibility with their previous versions, then you probably go
> and yell at them :)
I have :-( I'll append your comments to the ticket file.
The vendor is SuSE. Generally they're fairly aggressive, but within the
bounds of reason, in getting new features into their distro. I see your
comment that GSSAPI first appeared in OpenSSH v3.7. You are probably
right that SuSE added a circulating patch to v3.5p1, or backported the
3.7 GSSAPI code, both of which they are known to do regularly when a
feature is important.
In the current climate of hacking, I imagine that Kerberos-capable ssh
is one of the features most often asked for. Here's a reference for
"current climate of hacking", which is worth reading:
http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html
James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc at math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)
More information about the openssh-unix-dev
mailing list