Subject: Re: rfc2228 in ftpd
To: Jason R Thorpe <>
From: Theo de Raadt <>
List: tech-security
Date: 06/25/2002 03:05:16
>  > Doesn't krb5 do mutual auth already?  Why bother with host keys at
>  > all?
> Right.  But it's not clear that the *SSH* protocol supports that very
> well.

It has been pointed out very clearly to us by the KTH people that ssh
supports kerberos very poorly.

That said, their answer is GSSAPI.

And because of the volume of code that entails, I am sure you can
understand our worry about linking that into sshd.