From owner-freebsd-security  Thu Dec  3 14:28:35 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA05473
          for freebsd-security-outgoing; Thu, 3 Dec 1998 14:28:35 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA05437
          for <security@FreeBSD.ORG>; Thu, 3 Dec 1998 14:28:26 -0800 (PST)
          (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id RAA14742;
	Thu, 3 Dec 1998 17:27:46 -0500 (EST)
Date: Thu, 3 Dec 1998 17:27:46 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Dima Ruban <dima@best.net>
cc: lyndon@execmail.com, woodford@cc181716-a.hwrd1.md.home.com,
        security@FreeBSD.ORG
Subject: Re: mail.local
In-Reply-To: <199812032059.MAA07104@burka.rdy.com>
Message-ID: <Pine.BSF.3.96.981203172323.14719A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 3 Dec 1998, Dima Ruban wrote:

> Robert Watson writes:
> > Kerberos is easy -- it's finding clients that support KerberosIV under
> > UNIX that's hard.  That is, I have yet to find a copy of the Pine 3.9x
> > Kerberos IV patches that compile cleanly under FreeBSD, and I don't have
> > time to write them myself.  What I should really do is upgrade to K5
> > (which has native support under more recent versions of Pine), but I don't
> > believe that the CMU Cyrus server supports K5, only K4.  I would have
> > migrated all of the users of my system to the cyrus server long ago if
> > pine 3.9x didn't keep asking for passwords and sending them in the clear
> > text to my cyrus server. :)
> 
> If you use kerberos, I'd really suggest you on moving to K5.
> Much nicer and much more flexible in administration.

I would certainly like to move to K5, but that's not an insignificant
amount of trouble in terms of transitioning.  Speaking of KerberosV, is
it likely that FreeBSD will shift to shipping K4 instead of K5 by default
at some point?  K4 is the most common in all the environments I regularly
use (here at CMU anyway) but K5 certainly has advantages (including, I
believe, better support for multihomed hosts in the form of not using the
IP in tickets/authenticators?)

I would guess that the transition would be easier now that we have PAM?

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message