Date: Sun, 24 Jan 2016 17:18:47 +0300 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no> Cc: freebsd-current@freebsd.org, freebsd-stable@freebsd.org, freebsd-security@freebsd.org Subject: Re: HPN and None options in OpenSSH Message-ID: <20160124141847.GM37895@zxy.spb.ru> In-Reply-To: <86mvrxvg79.fsf@desk.des.no> References: <86mvrxvg79.fsf@desk.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 22, 2016 at 03:31:22PM +0100, Dag-Erling Smørgrav wrote: > The HPN and None cipher patches have been removed from FreeBSD-CURRENT. > I intend to remove them from FreeBSD-STABLE this weekend. Can you do some small discurs about ssh+kerberos? I am try to use FreeBSD with $HOME over kerberoized NFS. For kerberoized NFS gssd need to find cache file "called /tmp/krb5cc_<uid>, where <uid> is the effective uid for the RPC caller" (from `man gssd`). sshd contrary create cache file for received ticket called /tmp/krb5cc_XXXXXXX (random string, created by krb5_cc_new_unique). Is this strong security requirement or [FreeBSD/upstream] can be patched (or introduce option) to use /tmp/krb5cc_<uid> as cache file for received ticket?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160124141847.GM37895>