Subject: Re: krb5 for ssh2
To: None <itojun@iijlab.net>
From: Jim Wise <jwise@draga.com>
List: tech-security
Date: 05/16/2003 23:27:37

On Sat, 17 May 2003 itojun@iijlab.net wrote:

>>So I read (a chunk of) the thread, and I've gotta say, I'm not
>>convinced.  Sure, doing krb5 in ssh2 the right way (via gssapi) involves
>>more code.  This is not in and of itself a strike against it.  If anything,
>>the code Roland linked, which is apparently in daily use, may be a
>>better bet than code done locally to the OpenSSH group, whose leadership
>>have said repeatedly that they don't use kerberos, and thus are not
>>willing to make any large effort in the direction of supporting it.
>
>	krb5-with-ssh2 method (which was committed yesterday) was designed
>	by ssh.com people, not openssh people.  you are blaming wrong guys
>	for no good reason.

With due respect, itojun, the answer which I was expressly given by `the
wrong guys' when I asked about krb5 support in openssh with privsep
enabled was, and I quote, `I don't use kerberos5, so I don't care about
this'.

It's sure not clear to me that this is a better approach than wanting
gssapi support in openssh.  Is it to you?

-- 
				Jim Wise
				jwise@draga.com