GSSAPIDelegateCredentials only works for REQUIRES_PRE_AUTH principals?

Adam Megacz megacz at cs.berkeley.edu
Thu Jun 10 14:40:28 EDT 2010


Russ Allbery <rra at stanford.edu> writes:
> I haven't looked at the code personally, but what I recall from what other
> people have said is that the code is structured so that doing proper error
> reporting is fairly difficult.

I can see how it might be difficult to get a message back to the client,
but it can't be all that hard to syslog it at the server... I don't find
that too discouraging.

> It can also quite hard to get OpenSSH upstream to take GSSAPI-related
> patches, depending on how those patches strike them.

This, on the other hand, is very discouraging.

Thanks for the heads-up.

  - a




More information about the Kerberos mailing list