isn't GSSAPI the name for the Kerberized versions of these protocols? " 'With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and warning... The first time any man's freedom is trodden on, we’re all damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG episode "The Drumhead" - Alex Smith - Kent, Washington (metropolitan Seattle area)
On Mon, Dec 19, 2016 at 11:42 AM, Alexander Pyhalov <a...@rsu.ru> wrote: > Hello. > > Currently OpenSSH in OpenIndiana supports GSSAPIKeyExchange option > and enables it by default > (support for authenticating server via GSSAPI - alternative to > distributing server ssh keys) - http://www.sxw.org.uk/computin > g/patches/openssh.html . > This is a separate patch (but widespread one - it is supported by Debian > and RedHat). > > The issue is that if DNS is misconfigured on client side, it can lead to > long delays > while connecting to ssh server. > > The question is - who does really use this option on OI? Can we just drop > this patch > (or at least disable it by default) without significant impact on user > systems? > -- > System Administrator of Southern Federal University Computer Center > > _______________________________________________ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > https://openindiana.org/mailman/listinfo/openindiana-discuss > _______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
