[OpenIndiana-discuss] OpenSSH GSS-API-key-exchange

Alex Smith (K4RNT) shadowhunter at gmail.com
Mon Dec 19 20:17:07 UTC 2016


isn't GSSAPI the name for the Kerberized versions of these protocols?

" 'With the first link, the chain is forged. The first speech censured, the
first thought forbidden, the first freedom denied, chains us all
irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and
warning... The first time any man's freedom is trodden on, we’re all
damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG
episode "The Drumhead"
- Alex Smith
- Kent, Washington (metropolitan Seattle area)

On Mon, Dec 19, 2016 at 11:42 AM, Alexander Pyhalov <alp at rsu.ru> wrote:

> Hello.
>
> Currently OpenSSH in OpenIndiana supports GSSAPIKeyExchange option
> and enables it by default
> (support for authenticating server via GSSAPI - alternative to
> distributing server ssh keys) - http://www.sxw.org.uk/computin
> g/patches/openssh.html .
> This is a separate patch (but widespread one - it is supported by Debian
> and RedHat).
>
> The issue is that if DNS is misconfigured on client side, it can lead to
> long delays
> while connecting to ssh server.
>
> The question is - who does really use this option on OI? Can we just drop
> this patch
> (or at least disable it by default) without significant impact on user
> systems?
> --
> System Administrator of Southern Federal University Computer Center
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
>


More information about the openindiana-discuss mailing list