Red Hat Bugzilla – Bug 62985
Openssh kerberos patch requested
Last modified: 2007-04-18 12:41:46 EDT
Openssh has limited, dated, and buggy support for Kerberos authentication. For
some time a patch has been maintained by Simon Wilkinson at:
This patch works very well and has been steadily maintained for some time. At
the same time it would appear the little Kerberos code in Openssh is suffering
from bit-rot; it seems to be quite incomplete and buggy. Simon's code seems
quite well respected on the openssh mailing list, but hasn't attracted the
critical mass to become a priority for inclusion into the main Openssh codebase.
I think this feature makes Openssh much more powerful: simple secure logins
across the network, without having to type a password, yet without any
user-managed keys that can be lost or compromised.
I would like to humbly suggest that Red Hat consider including Simon's patch
with your distributed version of openssh.
Perhaps I'm being a pest, but since my earlier comments still apply (and
nobody's replied or changed the status from NEW), I'm bumping the version to 8.0.
No, the patch is based upon an internet-draft which is still in flux. If and
when the draft stabilises, then we may consider adding it to core OpenSSH. Until
then it would be irresponsible to widely deploy it.
Kerberos support is in the current releases.