[OpenAFS] OpenSSH with krb and afs
Christopher D. Clausen
cclausen@acm.org
Fri, 20 Aug 2004 21:05:07 -0500
Mike Fedyk wrote:
> Ian Delahorne wrote:
>>
>>> Is there a particular reason why you need openssh 3.8? If
>>> not, use the ssh-krb5 package based on OpenSSH 3.6.
>>
>> http://www.openssh.com/txt/buffer.adv and
>>
> So apply the patch...
>
Debian already patches security vulnerabilities in woody (the stable
release).
But unless I'm reading it wrong, it appears that the 3.6.1 version
(testing and unstable) is also patched.
(http://packages.debian.org/changelogs/pool/main/o/openssh-krb5/openssh-krb5_3.6.1p2-5/changelog)
"SECURITY: fix for CAN-2003-0693, buffer allocation error"
I asked if openssh 3.8 was required because (as others have mentioned)
certain authentication methods are not compatible in 3.8.
<<CDC
Christopher D. Clausen
ACM@UIUC SysAdmin