After far too much delay, I’ve finally released a version of my GSSAPI key exchange patches for OpenSSH 5.2p1. These patches contain a number of changes suggested by Greg Hudson to fix a number of minor issues he found during a code review, and also add a new GSSAPIClientIdentity option.
I’ve also taken this opportunity to improve the way I’m handling the patch series. Each individual change is now a separate patch, with the whole patch queue being managed by quilt. This should make it easier to sync patches up with the copies in the OpenSSH bugzilla.
The announcement email read as follows:
I shipped the OpenSSH package with cascading credentials support that we’ve been testing for the last year or so site wide today. It’ll appear in develop releases from tonight, and in the next stable release.
The cascading credential support isn’t enabled with this, however. Enabling cascading credentials requires a configuration file change which LCFG can’t sync with the package update – so the configuration will get changed in a subsequent release cycle (next weeks, if all goes according to plan).
More details on cascading credentials is available from the second part of my SSH talk at last year’s AFS & Kerberos Best Practices Workshop. I need to make a public release of this patch, too.