Hello folks, My patch to turn ssh-krb5 into a transitional package provided by openssh has languished in the BTS for a while now without any comment (Bug##390986). The security team is very unenthused about the idea of continuing to maintain the current ssh-krb5 package for etch, and it doesn't fill me with joy either. In this patch, I tried to deal with the various configuration issues involved and keep the upgrade as smooth as possible and ensure that people with ssh-krb5 installed will get an ssh installation with GSSAPI enabled.
Where should I go from here? Should I NMU openssh with this patch? I'd really like to get a few more eyes on it if so; it seems to work for me, but I may well be missing something vital. Also, the current openssh-client package doesn't have the patch to add the -K command-line option, which forces credential delegation even if it it's normally turned off by configuration (the opposite of -k). Not having this in etch if ssh-krb5 were changed to a transitional package would be a feature regression that I think some users would notice. I think this should be a relatively straightforward patch, although I've not yet tried to extract it from the ssh-krb5 package and see how simple it is. Should I prepare a patch for this as well? Put it in the same NMU? -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
