From owner-freebsd-security  Thu Dec  3 16:37:50 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA23992
          for freebsd-security-outgoing; Thu, 3 Dec 1998 16:37:50 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA23986
          for <security@FreeBSD.ORG>; Thu, 3 Dec 1998 16:37:49 -0800 (PST)
          (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.1/8.9.1) id QAA01449;
	Thu, 3 Dec 1998 16:37:10 -0800 (PST)
	(envelope-from dillon)
Date: Thu, 3 Dec 1998 16:37:10 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199812040037.QAA01449@apollo.backplane.com>
To: Robert Watson <robert@cyrus.watson.org>
Cc: Dima Ruban <dima@best.net>, lyndon@execmail.com,
        woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
Subject: Re: mail.local
References:  <Pine.BSF.3.96.981203172323.14719A-100000@fledge.watson.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

   Eeek!  I like KRB5!  I don't even want to think about revisiting KRB4.

					-Matt

:
:On Thu, 3 Dec 1998, Dima Ruban wrote:
:
:> Robert Watson writes:
:> > Kerberos is easy -- it's finding clients that support KerberosIV under
:> > UNIX that's hard.  That is, I have yet to find a copy of the Pine 3.9x
:> > Kerberos IV patches that compile cleanly under FreeBSD, and I don't have
:> > time to write them myself.  What I should really do is upgrade to K5
:> > (which has native support under more recent versions of Pine), but I don't
:> > believe that the CMU Cyrus server supports K5, only K4.  I would have
:> > migrated all of the users of my system to the cyrus server long ago if
:> > pine 3.9x didn't keep asking for passwords and sending them in the clear
:> > text to my cyrus server. :)
:> 
:> If you use kerberos, I'd really suggest you on moving to K5.
:> Much nicer and much more flexible in administration.
:
:I would certainly like to move to K5, but that's not an insignificant
:amount of trouble in terms of transitioning.  Speaking of KerberosV, is
:it likely that FreeBSD will shift to shipping K4 instead of K5 by default
:at some point?  K4 is the most common in all the environments I regularly
:use (here at CMU anyway) but K5 certainly has advantages (including, I
:believe, better support for multihomed hosts in the form of not using the
:IP in tickets/authenticators?)
:
:I would guess that the transition would be easier now that we have PAM?
:
:  Robert N Watson 
:
:robert@fledge.watson.org              http://www.watson.org/~robert/
:PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C
:...

    Matthew Dillon  Engineering, HiWay Technologies, Inc. & BEST Internet 
                    Communications & God knows what else.
    <dillon@backplane.com> (Please include original email in any response)    

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message