Hello, Based on the GSS userauth code that went into 3.7p1, I have made a patch to make OpenSSH support an alternative Kerberos 5 implementation called Shishi, via an alternative GSS-API implementation called GSSLib. The reason behind this message is mostly to let you know that another pair of eyes has been reading GSS userauth code in OpenSSH, and my impression is that it looks pretty good. I found one instance where OpenSSH cause the GSS library to follow a dangling pointer and write to likely unallocated memory (see patch), and several constructs that aren't likely to work with generic GSS mechanisms (e.g., the flags to gss_accept_sec_context() are set to 0 by OpenSSH, better would be GSS_C_MUTUAL_FLAG|GSS_C_INTEG_FLAG since that is what the code later check for), etc. Another, more egoistic, purpose is to get people to look at an alternative GSSAPI and Kerberos 5 implementation. Caveats: Only client mode is supported; the GSS server code in OpenSSH require too much non-GSS code that I didn't bother finish it. More information at <http://josefsson.org/gss/gss-openssh.html>. Thanks.