Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 30 Apr 2003 12:41:56 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Garrett Wollman <wollman@lcs.mit.edu>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: cvs commit: src/release Makefile src/release/scripts crypto-install.sh
Message-ID:  <20030430194155.GA84924@rot13.obsecurity.org>
In-Reply-To: <200304301917.h3UJH4Yj054706@khavrinen.lcs.mit.edu>
References:  <200304301754.h3UHsJ21004574@repoman.freebsd.org> <20030430181603.GD84302@rot13.obsecurity.org> <200304301917.h3UJH4Yj054706@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 

--KsGdsel6WgEHnImy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 30, 2003 at 03:17:04PM -0400, Garrett Wollman wrote:
> <<On Wed, 30 Apr 2003 11:16:03 -0700, Kris Kennaway <kris@obsecurity.org>=
 said:
>=20
> > Hmm, is it really a good idea to combine crypto and krb5?  krb5 is, I
> > suspect, a rarely-used feature in the wild.
>=20
> ``The wild'' contains lots and lots of Windows Active Directory
> implementations.
>=20
> For any operation larger than a few dozen hosts, Kerberos is a great
> deal easier to manage than n^2 SSH key combinations.  (This presumes
> that you have a working version of Kerberized SSH, which at present
> means OpenSSH 3.4 with the patches.)  Even for relatively small
> installations, the convenience factor can be significant, particularly
> when integrated with other operating systems infrastructure.

I'm quite prepared to believe it can be very convenient and useful,
and I know several people who use it, but I still maintain it is not
widely used.

Kris

--KsGdsel6WgEHnImy
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+sCcDWry0BWjoQKURAgAlAJ9aMpW7Hwbw2mmw728D7QlcGeixqwCfVHj8
hpuKI26CzvQd1WXPlz7xHLU=
=0joH
-----END PGP SIGNATURE-----

--KsGdsel6WgEHnImy--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030430194155.GA84924>