I am talking about adding back the (icky) krb5 support.  The problem

I don't personally find direct krb5 use distasteful, myself - I've
just observed the reactions from the krb folks.

  is that the OpenSSH guys added GSSAPI support and then removed the
  krb5 support 3 days later.  No Kerberos shop has a reasonable
  upgrade strategy from OpenSSH 3.6.1 -> >=3.7 since they will not
  interoperate (this is a little annoying, yes.)

Do they claim the direct krb5 support has a security problem, or is
this just "progress"?   Having both supported in our version sounds
like a good plan.


-- 
        Greg Troxel <gdt@ir.bbn.com>