[OpenIndiana-discuss] OpenSSH GSS-API-key-exchange
Jerry Kemp
sun.mail.list47 at oryx.us
Mon Dec 19 20:44:45 UTC 2016
My vote is to drop the patch.
If the patch is applied, my vote is to have GSSAPI options disabled by default.
Jerry
On 12/19/16 01:42 PM, Alexander Pyhalov wrote:
> Hello.
>
> Currently OpenSSH in OpenIndiana supports GSSAPIKeyExchange option
> and enables it by default
> (support for authenticating server via GSSAPI - alternative to
> distributing server ssh keys) -
> http://www.sxw.org.uk/computing/patches/openssh.html .
> This is a separate patch (but widespread one - it is supported by Debian and
> RedHat).
>
> The issue is that if DNS is misconfigured on client side, it can lead to long
> delays
> while connecting to ssh server.
>
> The question is - who does really use this option on OI? Can we just drop this
> patch
> (or at least disable it by default) without significant impact on user systems?
More information about the openindiana-discuss
mailing list