Re: [Sam Hartman <hartmans@mekinok.com>] Handling ssh

[Matthew Vernon <matthew@sel.cam.ac.uk>]

Sam Hartman writes:
[snippage]
 > 1) It does not even attempt to support draft-ietf-secsh-gss-keyex,
 >     which is really the direction Kerberos ssh should go in.
 > 
 > 2) The support of krb5 for sshv1 is broken.  See the patches I point
 >     to in my ITP for some of the problems.
 > 
 > 3) Even if it worked as designed, it is not interoperable with the
 >    Kerberos ticket forwarding in ssh-nonfree.  That's sort of
 >    unfortunate as that style of Kerberos support is in wide use.
 >
 > There is work in the Kerberos community outside Debian to get these
 > patches merged.

Are they talking to openssh upstream, DYK? Experience suggests this is
a non-trivial thing to do successfully...

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org