One final more on de facto source splits. Not only does Solaris
10 and Debian have gss key exchange, there is at least one version
of PuTTY with it too:

http://rc.quest.com/topics/putty

This is listed on
http://www.chiark.greenend.org.uk/~s...tty/links.html

It comes with source and the diffs against PuTTY 0.60.
But it looks like it uses the SSPI rather then the MIT KfW
or either.

Douglas E. Engert wrote:
>
> Stephen Frost wrote:
>> * Carson Gaspar (carson@taltos.org) wrote:
>>> Damien Miller wrote:
>>>> Yes - we are very scared of adding features that lead to more
>>>> pre-authentication attack surface, especially when they delegate to
>>>> complex libraries with patchy security histories.
>>> The risk of a pre-auth GSSAPI bug is far less than the nearly
>>> _impossible_ key management problem without it. Sun has integrated the
>>> patch. My employer is rolling it out, and is asking Red Hat to include
>>> it. At this point, _not_ incorporating it upstream is just leading to a
>>> de facto source code fork. I strongly suggest the maintainers reconsider
>>> their position.

>
>
> I too agree with the previous responses. We have gotten away from
> building OpenSSH in favor of using the vendor's versions. Solaris 10
> and Ubuntu are used widely here and both have gssapi-keyex and work well
> togther. The option is on be default in Solaris 10 so anyone
> uses Kerberos and ssh on Solaris 10 is using gssapi-keyex.
>
> Looks like you already have a de facto source split. It would be nice
> to get things back in sync.
>
>> Thanks,
>>
>> Stephen
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev@mindrot.org
>> https://lists.mindrot.org/mailman/li...enssh-unix-dev

>


--

Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev