Subject: | |
From: | |
Reply To: | |
Date: | Fri, 15 Jul 2011 23:03:14 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Fri, Jul 15, 2011 at 4:16 PM, Troy Dawson <[log in to unmask]> wrote:
> On 07/15/2011 02:25 PM, Steve Gaarder wrote:
>>
>> I notice that there are alternative SSH packages in the contrib
>> repository for SL 5. In what way do these differ from the standard
>> packages?
>>
>> thanks,
>>
>
> Those were contributed by Fermilab.
> The client is patched so that it does both gssapi and gssapi-with-mic ...
> and a couple other authentication methods as well that I can't remember.
>
> Troy
The missing GSSAPI in the old OpenSSH 4.x releases in RHEL 5 are an
ongoing security issue. The GSSAPI modules allow genuine
"single-sign-on" behavior with an appropriate Kerberos or upstream
Active Directory setup (which is partly based on Kerberos).
Coupled with the Putty 0.61 release that came out a few days ago, It
makes single sign on in mixed environments a lot safer and easier to
manage, and helps avoid the security problems of ill-managed SSH keys
and people's refusal to properly protect, or even password protect,
the private keys they wander around with.
It's well worth the effort to switch to such better manageable,
revokable, and updatable authentication.
|
|
|