Date: Sat, 28 Feb 2009 02:01:42 -0700 From: Tim Judd <tajudd@gmail.com> To: Tom McLaughlin <tmclaugh@sdf.lonestar.org> Cc: Mel <fbsd.questions@rachie.is-a-geek.net>, freebsd-questions@freebsd.org Subject: Re: Heimdal vs MIT KerberosV Message-ID: <ade45ae90902280101t177a1de4gcbf540a3893a9dad@mail.gmail.com> In-Reply-To: <49A8A500.8070701@sdf.lonestar.org> References: <ade45ae90902260948s1a74ca80qbcfdbc5a1c4949e@mail.gmail.com> <200902261323.37744.fbsd.questions@rachie.is-a-geek.net> <49A8A500.8070701@sdf.lonestar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 27, 2009 at 7:44 PM, Tom McLaughlin <tmclaugh@sdf.lonestar.org>wrote: > Mel wrote: > >> On Thursday 26 February 2009 08:48:35 Tim Judd wrote: >> >> Building WITHOUT_KERBEROS and installing MIT-port, is best option to use >> that implementation. You may need to remove libraries by hand, not sure if >> make delete-old-libs covers it. >> > > Using WITHOUT_KERBEROS to build world IIRC will cause you to lose > pam_{krb5,ksu} and GSSAPI support in ssh. Depending on your environment, > those might be useful. > > Other than the kadmin protocol differences why change from Heimdal to MIT? > > tom > > -- > | tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org | > | FreeBSD http://www.FreeBSD.org | > > Frankly - it's a matter of exploration, learning and understanding of everything all put together. Secondly, it's because MIT offers a windows MIT KerberosV application and I wanted to see them interact with each other. Thirdly, src.conf(5) clearly states that the knob WITH_GSSAPI will re-introduce that back into world. And as a subnote, I don't know how to use GSSAPI, don't know how to administer the API, or enable a service/daemon to utilize GSSAPI. Fourthly -- Loosing the pam_{krb5,ksu} is no sweat. As the first, initial play thing, I'd keep local accounts, enabling K5 and see how they interact. Speaking of the interaction, it's the time to learn DNS SRV records, and K5 seems a useful go at it. I may have forgotten a reason, but it's how my mind works, how I enjoy to learn, and I'm not going to break the Internet doing it. :) LTNS, tmclaugh. Haven't seen you around recently. --TJ
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ade45ae90902280101t177a1de4gcbf540a3893a9dad>