Re: gss userauth

To: Joseph Galbraith <galb-list%vandyke.com@localhost>
Subject: Re: gss userauth
From: Markus Friedl <markus%openbsd.org@localhost>
Date: Wed, 3 Sep 2003 11:49:04 +0200

On Tue, Sep 02, 2003 at 06:46:03PM -0600, Joseph Galbraith wrote:
> Precisely.  I believe a new server should alway
> advertise gssapi-with-mic.  If it wishes to offer
> backwards compatibility, then it MAY advertise
> the older "gssapi".

I agree, "gssapi" should only be offered for backward
compatibility and legacy clients.

During a transition period server can offer both
"gssapi" and "gssapi-mic".

> However, I'm not even sure we need to document "gssapi"
> in the new draft, other than to say it once existed,
> and SHOULD NOT be used anymore.  I.e., reserve the name
> string as unused.

I agree.

References:
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Joel N. Weber II
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Markus Friedl
- Re: gss userauth
  - From: Nicolas Williams
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Joseph Galbraith

Prev by Date: Re: gss userauth
Next by Date: Re: gss userauth
Previous by Thread: RE: gss userauth
Next by Thread: Re: gss userauth
Indexes:

Home | Main Index | Thread Index | Old Index