Hello.
Currently OpenSSH in OpenIndiana supports GSSAPIKeyExchange option
and enables it by default
(support for authenticating server via GSSAPI - alternative to
distributing server ssh keys) -
http://www.sxw.org.uk/computing/patches/openssh.html .
This is a separate patch (but widespread one -
isn't GSSAPI the name for the Kerberized versions of these protocols?
" 'With the first link, the chain is forged. The first speech censured, the
first thought forbidden, the first freedom denied, chains us all
irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and
warning... Th
Hi,
I would like to see this default to off, but keep it.
Cheers,
Adam
> On 19 Dec 2016, at 21:17, Alex Smith (K4RNT) wrote:
>
> isn't GSSAPI the name for the Kerberized versions of these protocols?
>
> " 'With the first link, the chain is forged. The first speech censured, the
> first though
Alex Smith (K4RNT) писал 19.12.2016 23:17:
isn't GSSAPI the name for the Kerberized versions of these protocols?
Yes. Note, that we speak about GSSAPI server key exchange, not about
GSSAPI client authentication.
---
System Administrator of Southern Federal University Computer Center
__
My vote is to drop the patch.
If the patch is applied, my vote is to have GSSAPI options disabled by default.
Jerry
On 12/19/16 01:42 PM, Alexander Pyhalov wrote:
Hello.
Currently OpenSSH in OpenIndiana supports GSSAPIKeyExchange option
and enables it by default
(support for authenticating
Seems like 'keep patch, make default:disabled' is the best path forward.
Lou Picciano
- Original Message -
From: "Alexander Pyhalov"
To: "Discussion list for OpenIndiana"
Sent: Monday, December 19, 2016 3:35:22 PM
Subject: Re: [OpenIndiana-discuss
In regard to: [OpenIndiana-discuss] OpenSSH GSS-API-key-exchange, Alexander...:
Currently OpenSSH in OpenIndiana supports GSSAPIKeyExchange option
and enables it by default
(support for authenticating server via GSSAPI - alternative to
distributing server ssh keys) -
http://www.sxw.org.uk
19 декабря 2016 г. 21:35:14 CET, "Adam Števko" пишет:
>Hi,
>
>I would like to see this default to off, but keep it.
>
>Cheers,
>Adam
>
>> On 19 Dec 2016, at 21:17, Alex Smith (K4RNT)
>wrote:
>>
>> isn't GSSAPI the name for the Kerberized versions of these protocols?
>>
>> " 'With the first link
2 PM
Subject: Re: [OpenIndiana-discuss] OpenSSH GSS-API-key-exchange
Alex Smith (K4RNT) писал 19.12.2016 23:17:
isn't GSSAPI the name for the Kerberized versions of these protocols?
Yes. Note, that we speak about GSSAPI server key exchange, not about
GSSAPI client authentication.
Please
+1 also for keep patch but off by default.
Am 20.12.2016 um 02:47 schrieb Jim Klimov:
+1 - present, but maybe off by default
--
Typos courtesy of K-9 Mail on my Samsung Android
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
On 19/12/2016 22:03, Tim Mooney wrote:
In regard to: [OpenIndiana-discuss] OpenSSH GSS-API-key-exchange,
Alexander...:
Currently OpenSSH in OpenIndiana supports GSSAPIKeyExchange option
and enables it by default
(support for authenticating server via GSSAPI - alternative to
distributing server
"Udo Grabowski (IMK)" writes:
[...]
> +1 for keeping and off by default - this is, e.g., needed
> where you login against a Windows central IDM infrastructure.
I don't have any kind of vote here... however, have had man problems
with the current default. My other lan machine (only a few really
12 matches
Mail list logo
