On Mon, Mar 7, 2011 at 6:53 AM, John Hodrien J.H.Hodrien@leeds.ac.uk wrote:
On Sat, 5 Mar 2011, Nico Kadel-Garcia wrote:
On Fri, Mar 4, 2011 at 7:57 AM, John Hodrien J.H.Hodrien@leeds.ac.uk wrote:
On Fri, 4 Mar 2011, Nico Kadel-Garcia wrote:
Contemporary versions of git, subversion, and OpenSSH built-in. I'm particularly looking forward to the built-in chroot capabilities and GSSAPI support in OpenSSH, and the major release improvements to git and subversion.
What does the new GSSAPI support do for you?
Single sign-on. Your Windows clients, in the right environment, can have their Kerberos tickets managed to allow Kerberos tickets, not authorized_keys, to be used very effectively and reduce typing !@#$!@#$ passwords or manipulating SSH keys. The "development" version of Putty also has this built right in, though it's not made it to the production version yet.
But that works just nicely with CentOS 5. I use GSSAPI together with kerberos tickets plucked out of Active Directory. Enable GSSAPIDelegateCredentials and it'll throw your ticket to the remote side, so you can merrily use your kerberos ticket there too.
Have you backported OpenSSH 5.x to CentOS 5? Because I don't see the full features set without OpenSSH 5.x, such as "GSSApiKeyExchange".
Hmm. What you've described is an ssh_config option, which is set to "no" by default. I'll have to look into that. There have been some interesting..... traction issues with using the backported OpenSSH 5.x I'm currently reliant on for CentOS 5 and RHEL 5.