Date: Wed, 30 Apr 2003 15:17:04 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200304301917.h3UJH4Yj054706@khavrinen.lcs.mit.edu>
To: Kris Kennaway
In-Reply-To: <20030430181603.GD84302@rot13.obsecurity.org>
References: <200304301754.h3UHsJ21004574@repoman.freebsd.org> <20030430181603.GD84302@rot13.obsecurity.org>
cc: cvs-src@FreeBSD.org
cc: src-committers@FreeBSD.org
cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/release Makefile src/release/scripts crypto-install.sh

< said:

> Hmm, is it really a good idea to combine crypto and krb5? krb5 is, I
> suspect, a rarely-used feature in the wild.

``The wild'' contains lots and lots of Windows Active Directory implementations. For any operation larger than a few dozen hosts, Kerberos is a great deal easier to manage than n^2 SSH key combinations. (This presumes that you have a working version of Kerberized SSH, which at present means OpenSSH 3.4 with the patches.) Even for relatively small installations, the convenience factor can be significant, particularly when integrated with other operating systems infrastructure.

-GAWollman