Re: gss userauth

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Subject: Re: gss userauth
From: Markus Friedl <markus%openbsd.org@localhost>
Date: Tue, 2 Sep 2003 18:30:14 +0200

On Tue, Sep 02, 2003 at 12:10:32PM -0400, Jeffrey Hutzelman wrote:
> - Maintaining backward compatibility for the existing deployed base,
>   so that people can transition without a flag day.

that's easy if you use a different name for the method.

> - Maintaining support for GSSAPI mechanisms which are unable to support
>   GSS_GetMIC()
> - Not making gratuitous changes to work that's already been done.

i don't see why this is necessary.

> - Getting this done in a timely manner.
> 
> I know there are implementors who are planning on doing releases in the
> near future which include GSSAPI userauth (you know who you are).  I'd
> like to see those releases include support for the more secure variant, in

OpenSSH 3.7 cannot ship a 'more secure variant'.  It was even
considered replacing "gssapi" userauth with "kerberos-2%ssh.com@localhost".

Follow-Ups:
- Re: gss userauth
  - From: Jeffrey Hutzelman

References:
- Re: gss userauth
  - From: Joel N. Weber II
- Re: gss userauth
  - From: Jeffrey Hutzelman

Prev by Date: Re: gss userauth
Next by Date: Re: gss userauth
Previous by Thread: Re: gss userauth
Next by Thread: Re: gss userauth
Indexes:

Home | Main Index | Thread Index | Old Index