Hello,
Kevin Way wrote:
I'm curious if there are technical (or other) reasons that prevent
FreeBSD from adding RFC 4462 (GSSAPI Key Exchange) support to sshd.
The MIT Kerberos team first requested this four years ago, and
implementation patches have been available for years at:
http://www.sxw.org.uk/computing/patches/openssh.html
The author of those patches has offered (without much public response)
to allow integration of the patches into the openssh source
distribution, so I don't think licensing would be an issue.
This would be incredibly useful to me, as it'd remove the burden of
site-wide ssh host key distribution.
I'm using openssh-portable from ports to do this. It is option there so
you have a choice.
Unfortunately there is no patch available for the latest (4.7) openssh,
so we have to wait little.
It was explained many times why you should use ports if you want
customization for apps like heimdal, openssh and perl (in the past when
it was built-in in the base system).
Also it is quite more easy to maintain updates, when you use ports
version for this.
Why it is not part of openssh I can only guess, but I'm sure it involves
security problems (just like HPN patch), and that's why it is not part
of the source tree of openssh.
Regards,
Kevin Way
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to
[EMAIL PROTECTED]
--
Best Wishes,
Stefan Lambrev
ICQ# 24134177
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to [EMAIL PROTECTED]
