openssh and openssh-krb5
Hello folks,

My patch to turn ssh-krb5 into a transitional package provided by openssh
has languished in the BTS for a while now without any comment
(Bug#390986). The security team is very unenthused about the idea of
continuing to maintain the current ssh-krb5 package for etch, and it
doesn't fill me with joy either. In this patch, I tried to deal with the
various configuration issues involved and keep the upgrade as smooth as
possible and ensure that people with ssh-krb5 installed will get an ssh
installation with GSSAPI enabled.

Where should I go from here? Should I NMU openssh with this patch? I'd
really like to get a few more eyes on it if so; it seems to work for me,
but I may well be missing something vital.

Also, the current openssh-client package doesn't have the patch to add the
-K command-line option, which forces credential delegation even if
it's normally turned off by configuration (the opposite of -k). Not
having this in etch if ssh-krb5 were changed to a transitional package
would be a feature regression that I think some users would notice. I
think this should be a relatively straightforward patch, although I've not
yet tried to extract it from the ssh-krb5 package and see how simple it
is. Should I prepare a patch for this as well? Put it in the same NMU?
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>