[OmniOS-discuss] Disabling GSSAPI Key Exchange from future OpenSSH?
Alex Wilson
alex at cooperi.net
Mon Dec 19 21:13:19 UTC 2016
On 12/19/16 11:36 AM, Michael Rasmussen wrote:
> On Mon, 19 Dec 2016 14:27:32 -0500
> Dan McDonald <danmcd at omniti.com> wrote:
>
>> OpenSSH 7.4 is coming soon. The maintainer of the illumos patch set is curious about the need for GSSAPI key exchanges in OpenSSH, now that it has completely replaced SunSSH.
>>
>> I think some of you may use this. Is it mission critical for you? Please provide feedback on here. I'm not sure what will happen, but knowing the fallout one way or the other would help.
>>
> If people wants to integrate Omnios in a Windows AD environment with
> native kerberos login GSSAPI is a crucial component.
>
Please note my reply further up the thread. Turning GSSAPI Key Exchange
off does *not* disable GSSAPI *authentication*, which is an entirely
separate feature.
Are you using GSS key exchange with an AD environment? If so, is that
part as critical as the authentication for your use case? I'd be curious
to hear any details of your setup if you wouldn't mind sharing.
More information about the OmniOS-discuss
mailing list