From owner-cvs-all@FreeBSD.ORG Wed Apr 30 12:41:57 2003 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A7FD137B401; Wed, 30 Apr 2003 12:41:57 -0700 (PDT) Received: from obsecurity.dyndns.org (adsl-67-115-75-172.dsl.lsan03.pacbell.net [67.115.75.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9741D43F75; Wed, 30 Apr 2003 12:41:56 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id 5055466B9B; Wed, 30 Apr 2003 12:41:56 -0700 (PDT) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id 288EA1539; Wed, 30 Apr 2003 12:41:56 -0700 (PDT) Date: Wed, 30 Apr 2003 12:41:56 -0700 From: Kris Kennaway To: Garrett Wollman Message-ID: <20030430194155.GA84924@rot13.obsecurity.org> References: <200304301754.h3UHsJ21004574@repoman.freebsd.org> <20030430181603.GD84302@rot13.obsecurity.org> <200304301917.h3UJH4Yj054706@khavrinen.lcs.mit.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" Content-Disposition: inline In-Reply-To: <200304301917.h3UJH4Yj054706@khavrinen.lcs.mit.edu> User-Agent: Mutt/1.4i cc: cvs-src@FreeBSD.org cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org cc: Kris Kennaway Subject: Re: cvs commit: src/release Makefile src/release/scripts crypto-install.sh X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Apr 2003 19:41:58 -0000 --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 30, 2003 at 03:17:04PM -0400, Garrett Wollman wrote: > <= said: >=20 > > Hmm, is it really a good idea to combine crypto and krb5? krb5 is, I > > suspect, a rarely-used feature in the wild. >=20 > ``The wild'' contains lots and lots of Windows Active Directory > implementations. >=20 > For any operation larger than a few dozen hosts, Kerberos is a great > deal easier to manage than n^2 SSH key combinations. (This presumes > that you have a working version of Kerberized SSH, which at present > means OpenSSH 3.4 with the patches.) Even for relatively small > installations, the convenience factor can be significant, particularly > when integrated with other operating systems infrastructure. I'm quite prepared to believe it can be very convenient and useful, and I know several people who use it, but I still maintain it is not widely used. Kris --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+sCcDWry0BWjoQKURAgAlAJ9aMpW7Hwbw2mmw728D7QlcGeixqwCfVHj8 hpuKI26CzvQd1WXPlz7xHLU= =0joH -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy--