#
# Some options in OpenSSH have different default values from those in SunSSH.
# To make the transition smoother from SunSSH to OpenSSH, we change default
# values for the following options to be as same as those in SunSSH.
# 
#   GSSAPIAuthentication (for both server and client)
#   X11Forwarding        (for server)
#   ForwardX11Trusted    (for client)
#
# This is for Solaris only, we will not contribute back these changes to the
# upstream.
#
--- orig/readconf.c	Thu Sep  4 17:27:04 2014
+++ new/readconf.c	Tue Sep  9 17:33:50 2014
@@ -1575,7 +1575,11 @@
 	if (options->forward_x11 == -1)
 		options->forward_x11 = 0;
 	if (options->forward_x11_trusted == -1)
+#ifdef OPTION_DEFAULT_VALUE
+		options->forward_x11_trusted = 1;
+#else
 		options->forward_x11_trusted = 0;
+#endif
 	if (options->forward_x11_timeout == -1)
 		options->forward_x11_timeout = 1200;
 	if (options->exit_on_forward_failure == -1)
@@ -1593,7 +1597,11 @@
 	if (options->challenge_response_authentication == -1)
 		options->challenge_response_authentication = 1;
 	if (options->gss_authentication == -1)
+#ifdef OPTION_DEFAULT_VALUE
+		options->gss_authentication = 1;
+#else
 		options->gss_authentication = 0;
+#endif
 	if (options->gss_deleg_creds == -1)
 		options->gss_deleg_creds = 0;
 	if (options->password_authentication == -1)
--- orig/servconf.c	Thu Sep  4 17:17:58 2014
+++ new/servconf.c	Tue Sep  9 17:36:32 2014
@@ -208,7 +208,11 @@
 	if (options->print_lastlog == -1)
 		options->print_lastlog = 1;
 	if (options->x11_forwarding == -1)
+#ifdef OPTION_DEFAULT_VALUE
+		options->x11_forwarding = 1;
+#else
 		options->x11_forwarding = 0;
+#endif
 	if (options->x11_display_offset == -1)
 		options->x11_display_offset = 10;
 	if (options->x11_use_localhost == -1)
@@ -244,7 +248,11 @@
 	if (options->kerberos_get_afs_token == -1)
 		options->kerberos_get_afs_token = 0;
 	if (options->gss_authentication == -1)
+#ifdef OPTION_DEFAULT_VALUE
+		options->gss_authentication = 1;
+#else
 		options->gss_authentication = 0;
+#endif
 	if (options->gss_cleanup_creds == -1)
 		options->gss_cleanup_creds = 1;
 	if (options->password_authentication == -1)
--- orig/ssh_config.5	Thu Sep  4 17:58:05 2014
+++ new/ssh_config.5	Tue Sep  9 17:48:39 2014
@@ -643,8 +643,8 @@
 token used for the session will be set to expire after 20 minutes.
 Remote clients will be refused access after this time.
 .Pp
-The default is
-.Dq no .
+The default on Solaris is
+.Dq yes .
 .Pp
 See the X11 SECURITY extension specification for full details on
 the restrictions imposed on untrusted clients.
@@ -673,8 +673,8 @@
 .Pa /etc/ssh/ssh_known_hosts2 .
 .It Cm GSSAPIAuthentication
 Specifies whether user authentication based on GSSAPI is allowed.
-The default is
-.Dq no .
+The default on Solaris is
+.Dq yes .
 Note that this option applies to protocol version 2 only.
 .It Cm GSSAPIDelegateCredentials
 Forward (delegate) credentials to the server.
--- orig/sshd_config.5	Thu Sep  4 17:58:07 2014
+++ new/sshd_config.5	Tue Sep  9 17:49:58 2014
@@ -490,8 +490,8 @@
 .Dq no .
 .It Cm GSSAPIAuthentication
 Specifies whether user authentication based on GSSAPI is allowed.
-The default is
-.Dq no .
+The default on Solaris is
+.Dq yes .
 Note that this option applies to protocol version 2 only.
 .It Cm GSSAPICleanupCredentials
 Specifies whether to automatically destroy the user's credentials cache
@@ -1239,8 +1239,8 @@
 .Dq yes
 or
 .Dq no .
-The default is
-.Dq no .
+The default on Solaris is
+.Dq yes .
 .Pp
 When X11 forwarding is enabled, there may be additional exposure to
 the server and to client displays if the