[OpenIndiana-discuss] OpenSSH GSS-API-key-exchange

[Adam Števko]

Hi,

I would like to see this default to off, but keep it.

Cheers,
Adam

> On 19 Dec 2016, at 21:17, Alex Smith (K4RNT) <shadowhunter at gmail.com> wrote:
> 
> isn't GSSAPI the name for the Kerberized versions of these protocols?
> 
> " 'With the first link, the chain is forged. The first speech censured, the
> first thought forbidden, the first freedom denied, chains us all
> irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and
> warning... The first time any man's freedom is trodden on, we’re all
> damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG
> episode "The Drumhead"
> - Alex Smith
> - Kent, Washington (metropolitan Seattle area)
> 
>> On Mon, Dec 19, 2016 at 11:42 AM, Alexander Pyhalov <alp at rsu.ru> wrote:
>> 
>> Hello.
>> 
>> Currently OpenSSH in OpenIndiana supports GSSAPIKeyExchange option
>> and enables it by default
>> (support for authenticating server via GSSAPI - alternative to
>> distributing server ssh keys) - http://www.sxw.org.uk/computin
>> g/patches/openssh.html .
>> This is a separate patch (but widespread one - it is supported by Debian
>> and RedHat).
>> 
>> The issue is that if DNS is misconfigured on client side, it can lead to
>> long delays
>> while connecting to ssh server.
>> 
>> The question is - who does really use this option on OI? Can we just drop
>> this patch
>> (or at least disable it by default) without significant impact on user
>> systems?
>> --
>> System Administrator of Southern Federal University Computer Center
>> 
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>> 
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss