Slashdot Mirror


Kerberos Support In OpenSSH

Dan writes "Marshall Vale writes on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Marshall says that Kerberos support within OpenSSH may be incomplete and needs more work. In particular, implementing draft-ietf-secsh-gsskeyex in addition to any other Kerberos mechanisms will better serve the needs of the Kerberos community. Secondly, he says that they would like to reduce user confusion associated with all of the different options for Kerberos and SSH. He suggests adoption of the GSSAPI key exchange mechanism in the IETF draft (which uses Kerberos to authenticate both parties to each other), in order to avoid man-in-the-middle attacks."

2 of 122 comments

  1. Which is worse? by Anonymous Coward · · Score: -1, Troll

    a) A loudmouth Debian user

    or

    b) An idiot Gentoo fanboy?

    Answers from OpenBSD users will be ignored as Theo de Raadt is a loudmouth asshole idiot.

  2. Why so much bloat in a security-related server? by Anonymous Coward · · Score: -1, Troll

    I don't want to troll (but it might be considered as a troll, anyway).

    Anytime I get a new OpenSSH tarball, it seems to get more and more bloated. As a programmer, I have a strong allergy to code bloat, which always leads to a buggy, unmaintainable piece of code. And, even more problematic for something like OpenSSH, security issues, because few people understand the new functionality added, and even fewer people feel familiar with its code.

    What I want in an SSH server is an SSH server. PERIOD.

    I predict that, after the next major remote root vulnerability, there will be a new "lightweight" project focusing only on ssh!