Future of kerberised telnet, login, rsh, ftp?

Russ Allbery rra at stanford.edu
Wed Jul 6 14:23:32 EDT 2005

Douglas E Engert <deengert at anl.gov> writes:

> I believe with version OpenSSH-4.1p1 there are no third party patches
> needed.  (Unless there is no PAM support.) We have been able to use the
> pam session routines to get AFS tokens from delegated gssapi credentials
> as well as from pam authentication.

> So what patches do people still believe are needed?

GSSAPI key exchange.  I'm already keying all of my hosts once with
Kerberos.  They should not have separate RSA keys that also have to be
kept secure and unchanging.

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the krbdev mailing list