tag 212480 + moreinfo thanks It looks like this patch is not neccesary if you set GSSAPIStrictAcceptorCheck to "no" in sshd_config. When this is done, "the client may authenticate against any service key stored in the machine's default store". Regards, -- Sam Morris <sam@robots.org.uk>