[OpenIndiana-discuss] OpenSSH GSS-API-key-exchange

Jim Klimov jimklimov at cos.ru
Tue Dec 20 01:47:54 UTC 2016


19 декабря 2016 г. 21:35:14 CET, "Adam Števko" <adam.stevko at gmail.com> пишет:
>Hi,
>
>I would like to see this default to off, but keep it.
>
>Cheers,
>Adam
>
>> On 19 Dec 2016, at 21:17, Alex Smith (K4RNT) <shadowhunter at gmail.com>
>wrote:
>> 
>> isn't GSSAPI the name for the Kerberized versions of these protocols?
>> 
>> " 'With the first link, the chain is forged. The first speech
>censured, the
>> first thought forbidden, the first freedom denied, chains us all
>> irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom
>and
>> warning... The first time any man's freedom is trodden on, we’re all
>> damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek:
>TNG
>> episode "The Drumhead"
>> - Alex Smith
>> - Kent, Washington (metropolitan Seattle area)
>> 
>>> On Mon, Dec 19, 2016 at 11:42 AM, Alexander Pyhalov <alp at rsu.ru>
>wrote:
>>> 
>>> Hello.
>>> 
>>> Currently OpenSSH in OpenIndiana supports GSSAPIKeyExchange option
>>> and enables it by default
>>> (support for authenticating server via GSSAPI - alternative to
>>> distributing server ssh keys) - http://www.sxw.org.uk/computin
>>> g/patches/openssh.html .
>>> This is a separate patch (but widespread one - it is supported by
>Debian
>>> and RedHat).
>>> 
>>> The issue is that if DNS is misconfigured on client side, it can
>lead to
>>> long delays
>>> while connecting to ssh server.
>>> 
>>> The question is - who does really use this option on OI? Can we just
>drop
>>> this patch
>>> (or at least disable it by default) without significant impact on
>user
>>> systems?
>>> --
>>> System Administrator of Southern Federal University Computer Center
>>> 
>>> _______________________________________________
>>> openindiana-discuss mailing list
>>> openindiana-discuss at openindiana.org
>>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>>> 
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>
>_______________________________________________
>openindiana-discuss mailing list
>openindiana-discuss at openindiana.org
>https://openindiana.org/mailman/listinfo/openindiana-discuss

+1 - present, but maybe off by default
--
Typos courtesy of K-9 Mail on my Samsung Android



More information about the openindiana-discuss mailing list