Hi All, The OpenBSD tree is likely to be dropping KerberosIV support very soon. We will ultimately follow suit, but if there are many Krb4 users we may give a transition period of a release or two. AFAIK we don't compile at all against MIT KrbIV because of library conflicts. So, who is using OpenSSH Krb4 support at the moment? -d
On Thu, 15 May 2003, Damien Miller wrote:> Hi All, > > The OpenBSD tree is likely to be dropping KerberosIV support very soon. > We will ultimately follow suit, but if there are many Krb4 users we may > give a transition period of a release or two. > > AFAIK we don't compile at all against MIT KrbIV because of library > conflicts.- I fixed the MIT libraries to not have these problems over a year ago, I don't know if my patches have been accepted and in what version they will be distributed.> > So, who is using OpenSSH Krb4 support at the moment? >- Although I no longer work for the Stanford IT group I think they are still using it, with plans for phasing it out for K5. SLAC uses the AFS token passing code extensively, but I think that's already been phased out of the main code. - Booker C. Bense
>>>>> "Damien" == Damien Miller <djm at mindrot.org> writes:Damien> Hi All, The OpenBSD tree is likely to be dropping KerberosIV Damien> support very soon. We will ultimately follow suit, but if Damien> there are many Krb4 users we may give a transition period of Damien> a release or two. Damien> AFAIK we don't compile at all against MIT KrbIV because of Damien> library conflicts. Damien> So, who is using OpenSSH Krb4 support at the moment? We (CERN) do heavily use Krb4 auth & credential forwarding, coupled with AFS token passing. Will be some time before we can get rid of it, as it requires a complete (all platforms) transition to OpenAFS+Kerberos5 (no server-side compatibility Krb5<->4 translator, which would be fairly easy). I guess most sites with AFS are in a similar situation. Regards Jan