From: Kevin Way
Date: Wed, 19 Sep 2007 13:37:12 -0400
To: freebsd-security@freebsd.org
Cc: freebsd-hackers@freebsd.org
Subject: GSSAPI Key Exchange in sshd?

I'm curious if there are technical (or other) reasons that prevent FreeBSD from adding RFC 4462 (GSSAPI Key Exchange) support to sshd.

The MIT Kerberos team first requested this four years ago, and implementation patches have been available for years at:

http://www.sxw.org.uk/computing/patches/openssh.html

The author of those patches has offered (without much public response) to allow integration of the patches into the openssh source distribution, so I don't think licensing would be an issue.

This would be incredibly useful to me, as it'd remove the burden of site-wide ssh host key distribution.

Regards,

Kevin Way