Roland Dowdeswell <elric@imrryr.org> wrote:

> I am talking about adding back the (icky) krb5 support.  The problem
> is that the OpenSSH guys added GSSAPI support and then removed the
> krb5 support 3 days later.  No Kerberos shop has a reasonable
> upgrade strategy from OpenSSH 3.6.1 -> >=3.7 since they will not
> interoperate (this is a little annoying, yes.)

So it seems we need PAM and kerberos support. PAM is available in
OpenSSH-3.6.1p2 (the portable version).

Would it make sense to switch to 3.6.1p2 and then add the kerberos
support it lacks?

Do we have local patches in 3.6.1 that need to be kept if we switch?
http://www.netbsd.org/Documentation/software/3rdparty/ only list config
tweaks.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org