From ed62913ee6389bccc8b2408bf9ee25bfcdef40a4 Mon Sep 17 00:00:00 2001
From: Jeff Forcier <jeff@bitprophet.org>
Date: Tue, 12 Sep 2017 13:07:23 -0700
Subject: Changelog re #1060

---
 sites/www/changelog.rst | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'sites/www')

diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index dbd33923..988aedac 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,9 @@
 Changelog
 =========
 
+* :bug:`1060` Fix key exchange (kex) algorithm list for GSSAPI authentication;
+  previously, the list used solely out-of-date algorithms, and now contains
+  newer ones listed preferentially before the old. Credit: Anselm Kruis.
 * :bug:`1055` (also :issue:`1056`, :issue:`1057`, :issue:`1058`, :issue:`1059`)
   Fix up host-key checking in our GSSAPI support, which was previously using an
   incorrect API call. Thanks to Anselm Kruis for the patches.
-- 
cgit v1.2.3


From 89a9b583e46f634792d814c5cff8e0cecdb5fa50 Mon Sep 17 00:00:00 2001
From: Jeff Forcier <jeff@bitprophet.org>
Date: Tue, 12 Sep 2017 13:11:05 -0700
Subject: Changelog re #1061

---
 sites/www/changelog.rst | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'sites/www')

diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 988aedac..a0662704 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,11 @@
 Changelog
 =========
 
+* :bug:`1061` Clean up GSSAPI authentication procedures so they do not prevent
+  normal fallback to other authentication methods on failure. (In other words,
+  presence of GSSAPI functionality on a target server precluded use of _any_
+  other auth type if the user was unable to pass GSSAPI auth.) Patch via Anselm
+  Kruis.
 * :bug:`1060` Fix key exchange (kex) algorithm list for GSSAPI authentication;
   previously, the list used solely out-of-date algorithms, and now contains
   newer ones listed preferentially before the old. Credit: Anselm Kruis.
-- 
cgit v1.2.3