On Thu, 4 Sep 2003, Jeffrey Hutzelman wrote: > On Thursday, September 04, 2003 16:59:56 +0200 Harald Barth > <[EMAIL PROTECTED]> wrote: > > > > >> is there anyone who would help the OpenSSH guys to include > >> back the krb4 support? As they did not know how to fix problems, > >> they rather removed the support as a whole. :(( > > > > I think krb5 and AFS (with 2b) gives me everything I would need. Any > > reason to keep v4? > > > > What is the status of v5 ticket forwarding in ssh today? > > There is a standards-track extension to the SSHv2 protocol which adds > GSSAPI-based user authentication, including credential delegation for those > mechanisms which support it (such as GSS-KRB5). It has been implemented in > a variety of SSH clients and servers; there are patches available for > OpenSSH 3.x, and I believe the new method will be included in the upcoming > OpenSSH 3.7 release.
Hi, I'd like to note that even 3.7.1p1 does not suppport krb5(the GSSAPI is undef in config.h regardless what configure options you use). Darren Tucker <[EMAIL PROTECTED]> wrote me that he'd love to accept patches for that. It mighhappen that if someone helps, they would release 3.6.1p3 which contains the old krb4 code with security fixes backported. For the 3.7 branch, someone from you has to convince Theo de Raadt to put the krb4 back ... :) I just don't get why ssh support .rhosts and why in comparison krb4 is considered insecure. -- Martin Mokrejs <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs MIPS / Institute for Bioinformatics <http://mips.gsf.de> GSF - National Research Center for Environment and Health Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany tel.: +49-89-3187 3683 , fax: +49-89-3187 3585 _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
