Re: RFC 4121 & acceptor subkey use in MIC token generation

2023-10-27 Thread Ken Hornstein via Kerberos
>> Right, part of the problem there is that people want to "use Kerberos >> with ssh", and they don't understand the difference between gssapi- >> with-mic >> and gss-keyex. > >Aren't you supposed to use CAC or PIV cards? Well, I hate to use the "Air Bud" loophole, but the rules as I understand

Re: RFC 4121 & acceptor subkey use in MIC token generation

2023-10-27 Thread Simo Sorce
On Thu, 2023-10-26 at 17:57 -0400, Ken Hornstein via Kerberos wrote: > > > Unfortunately, ANOTHER one of the "fun" rules I live under is, > > > "Thou > > > shall have no other PKI than the DoD PKI". And as much as I can > > > legitimately argue for many of the unusual things that I do, I > > >

Re: RFC 4121 & acceptor subkey use in MIC token generation

2023-10-27 Thread Ken Hornstein via Kerberos
>Uh... If someone was able to swing that then you should be able to >swing use of MD5 for non-cryptographic purposes where a 20 year old RFC >requires it. But, I know, I know, never mind. You are assuming someone is looking at all of the STIGs and they're all logically consistent with each

Re: RFC 4121 & acceptor subkey use in MIC token generation

2023-10-27 Thread Nico Williams
On Fri, Oct 27, 2023 at 02:01:05PM -0400, Ken Hornstein via Kerberos wrote: > >Aren't you supposed to use CAC or PIV cards? > > Well, I hate to use the "Air Bud" loophole, but the rules as I > understand them don't ACTUALLY say that for ssh, and in some contexts > they explicitly say that