On Fri, 19 Jan 2001, Ken Hornstein wrote:

> I'm not arguing _AGAINST_ better SSH-K5 integration, of course ... but
> I guess I'm missing something - how is the current situation worse
> than before Heimdal?  You had to install a custom SSH before, right?

Just to put some temporary closure on this - I did some work over the
weekend, and found that SSH Inc's SSH2's (v2.4.0) Krb5 support is less
invasive that SSH1 is, so it was able to compile with MIT Kerberos
installed in /usr/local/krb5.  It doesn't do ticket-forwarding, but that
is a luxury, IMO, and SSH2 is able to query the KDC to verify the
password, which is all I wanted. :)

So it's another reason to transition to SSH2, and I can now wait for
whatever solution the OpenSSH/NetBSD developers come up with. :)

Thanks to all those who sent suggestions.

-Peter
-- 
Peter Losher   				      <Peter.Losher@nominum.com>
Systems Admin. - Nominum, Inc.              PGP key available on request