IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: gss userauth



On Thu, Sep 04, 2003 at 08:22:07PM -0400, Jeffrey Hutzelman wrote:
> On Thursday, September 04, 2003 16:58:09 -0700 Nicolas Williams 
> <Nicolas.Williams%sun.com@localhost> wrote:
> >On Thu, Sep 04, 2003 at 04:29:47PM -0600, Joseph Galbraith wrote:
> >>All right-- so the big question is--
> >>have we reached consensus for reals
> >>this time?
> >
> >What's the consensus?  That gssapi and external-keyex userauth are to be
> >deprecated and replaced with forms that correctly bind the context to
> >the session?
> 
> Yes.  Particularly:
> 
> - Obsolete external-keyex; it should not be used.
> - Replace 'gssapi' with 'gssapi-with-mic'
> - Add 'gssapi-keyex' to send a MIC using the context established during key 
> exchange.

So, obsolete and replace the two gss-related userauths.  I agree.

Cheers,

Nico
-- 



Home | Main Index | Thread Index | Old Index