From 17c39b94a38b7894d1ac0c96049493a52bc91079 Mon Sep 17 00:00:00 2001
From: Keiichi Mori <kmori@redhat.com>
Date: Fri, 6 Sep 2013 12:23:26 +0900
Subject: [PATCH 1/2] support GSSAPIAuth back

GSSAPIAuthentication has not been supported
due to PreferredAuthentications trick ( 2bdba17a85 )
---
 lib/ansible/runner/connection_plugins/ssh.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ansible/runner/connection_plugins/ssh.py b/lib/ansible/runner/connection_plugins/ssh.py
index 5ba07476761..4eea47daf0d 100644
--- a/lib/ansible/runner/connection_plugins/ssh.py
+++ b/lib/ansible/runner/connection_plugins/ssh.py
@@ -85,7 +85,7 @@ class Connection(object):
                                  "-o", "PubkeyAuthentication=no"]
         else:
             self.common_args += ["-o", "KbdInteractiveAuthentication=no",
-                                 "-o", "PreferredAuthentications=hostbased,publickey",
+                                 "-o", "PreferredAuthentications=gssapi-with-mic,hostbased,publickey",
                                  "-o", "PasswordAuthentication=no"]
         if self.user != pwd.getpwuid(os.geteuid())[0]:
             self.common_args += ["-o", "User="+self.user]

From f489702973f2e569c770b68f5650e2502eced12d Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@zarb.org>
Date: Fri, 6 Sep 2013 10:29:43 +0200
Subject: [PATCH 2/2] Also add back gssapi-keyex

While this is not currently implemented in openssh as far as I know,
there is patch floating around on the web and this may land one day
upstream.
---
 lib/ansible/runner/connection_plugins/ssh.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ansible/runner/connection_plugins/ssh.py b/lib/ansible/runner/connection_plugins/ssh.py
index 4eea47daf0d..4e02aacc6e9 100644
--- a/lib/ansible/runner/connection_plugins/ssh.py
+++ b/lib/ansible/runner/connection_plugins/ssh.py
@@ -85,7 +85,7 @@ class Connection(object):
                                  "-o", "PubkeyAuthentication=no"]
         else:
             self.common_args += ["-o", "KbdInteractiveAuthentication=no",
-                                 "-o", "PreferredAuthentications=gssapi-with-mic,hostbased,publickey",
+                                 "-o", "PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey",
                                  "-o", "PasswordAuthentication=no"]
         if self.user != pwd.getpwuid(os.geteuid())[0]:
             self.common_args += ["-o", "User="+self.user]