[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

openssh and openssh-krb5

Hello folks,

My patch to turn ssh-krb5 into a transitional package provided by openssh
has languished in the BTS for a while now without any comment
(Bug##390986).  The security team is very unenthused about the idea of
continuing to maintain the current ssh-krb5 package for etch, and it
doesn't fill me with joy either.  In this patch, I tried to deal with the
various configuration issues involved and keep the upgrade as smooth as
possible and ensure that people with ssh-krb5 installed will get an ssh
installation with GSSAPI enabled.

Where should I go from here?  Should I NMU openssh with this patch?  I'd
really like to get a few more eyes on it if so; it seems to work for me,
but I may well be missing something vital.

Also, the current openssh-client package doesn't have the patch to add the
-K command-line option, which forces credential delegation even if it
it's normally turned off by configuration (the opposite of -k).  Not
having this in etch if ssh-krb5 were changed to a transitional package
would be a feature regression that I think some users would notice.  I
think this should be a relatively straightforward patch, although I've not
yet tried to extract it from the ssh-krb5 package and see how simple it
is.  Should I prepare a patch for this as well?  Put it in the same NMU?

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: