Re: [Sam Hartman <hartmans@mekinok.com>] Handling ssh
>>>>> "Matthew" == Matthew Vernon <matthew@debian.org> writes:
Matthew> What currently is the problem with the kerberos support
Matthew> in the openssh source?
1) It does not even attempt to support draft-ietf-secsh-gss-keyex,
which is really the direction Kerberos ssh should go in.
2) The support of krb5 for sshv1 is broken. See the patches I point
to in my ITP for some of the problems.
3) Even if it worked as designed, it is not interoperable with the
Kerberos ticket forwarding in ssh-nonfree. That's sort of
unfortunate as that style of Kerberos support is in wide use.
Matthew> I think ideally, one source package that produces
Matthew> multiple binary packages is really what we want. Writing
Matthew> the rules file would be fun, though :)
Once all the patches are integrated upstream I think that one binary
package is ideal. I really dislike build systems that patch source at
build time, so I'd recommend two source packages until upstream
accepts the patches.
There is work in the Kerberos community outside Debian to get these
patches merged.
Reply to: