remove commented-out kerb-related entries in sshd_config
KerbV support was removed but the sample config entries remain. Should we remove them? Index: sshd_config === RCS file: /cvs/src/usr.bin/ssh/sshd_config,v retrieving revision 1.90 diff -u -p -r1.90 sshd_config --- sshd_config 16 May 2013 04:09:14 - 1.90 +++ sshd_config 5 Sep 2013 12:28:25 - @@ -72,16 +72,6 @@ AuthorizedKeysFile .ssh/authorized_keys # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no
Re: remove commented-out kerb-related entries in sshd_config
On Thu, Sep 05, 2013 at 01:30:24PM +0100, Stuart Henderson wrote: KerbV support was removed but the sample config entries remain. Should we remove them? What about the client config and the man pages? Index: sshd_config === RCS file: /cvs/src/usr.bin/ssh/sshd_config,v retrieving revision 1.90 diff -u -p -r1.90 sshd_config --- sshd_config 16 May 2013 04:09:14 - 1.90 +++ sshd_config 5 Sep 2013 12:28:25 - @@ -72,16 +72,6 @@ AuthorizedKeysFile .ssh/authorized_keys # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no -- Antoine
Re: remove commented-out kerb-related entries in sshd_config
On Thu, Sep 05, 2013 at 03:40:28PM +0200, Antoine Jacoutot wrote: On Thu, Sep 05, 2013 at 01:30:24PM +0100, Stuart Henderson wrote: KerbV support was removed but the sample config entries remain. Should we remove them? What about the client config and the man pages? there has been a bit of dicsussion about the man pages. in the end, i decided to do nothing for now. the code is still there, so for anyone turning it on, the documentation will be useful. we did consider removing the doc part, or adding a note to the effect of off by default. in the end no solution seemed entirely wonderful. i did also think along the lines of adding the doc part to a rolled in version for portable, but no one seemed keen. jmc
