>On the particular issue, I would consider a flag, such as "Disable OS
>Identification to client" to be an acceptable option for all parties
>to consider.
Do you understand that the ramifications of this flag are:
"SSH will frequently fail to interoperate with different
implementations"?
and
"SSH no longer complies with standard"?
Do you understand that setting this flag will cause numerous support
calls of the form:
"SSH no longer works"?
And that solving such calls costs us (and the customer) time and money?
That this will be extremely hard to debug for any resolution center
because the problem may appear at the non-Solaris client side
(which we do not control) and the calls might be routed to other
vendors at first?
Such an option will hurt Sun *and* its customers a lot.
And this only to solve a non-problem?
Although, perhaps, Darren can be made to agree to:
# In some cases, customers are faced with incompetent security auditors
# who insist on suppressing the Sun_SSH part of the SSH welcoming banner;
# the banner is an important part of SSH interoperability and cannot be
# changed without breaking interoperability with other SSH implementations.
# In order to satisfy the auditor, set this option. This option will cause
# a console message to be printed for each incoming SSH connection.
MySecurityAuditorIsIncompetentButIKnowninglyBreakMySSHConfigurationToSatis
fyHim YES
But in the past we have strongly resisted changes to Solaris of this
nature.
Casper
_______________________________________________
opensolaris-discuss mailing list
[email protected]
