From: Tim Judd
To: Tom McLaughlin
Cc: Mel, freebsd-questions@freebsd.org
Date: Sat, 28 Feb 2009 02:01:42 -0700
Subject: Re: Heimdal vs MIT KerberosV

On Fri, Feb 27, 2009 at 7:44 PM, Tom McLaughlin wrote:

> Mel wrote:
>
>> On Thursday 26 February 2009 08:48:35 Tim Judd wrote:
>>
>> Building WITHOUT_KERBEROS and installing MIT-port, is best option to use
>> that implementation. You may need to remove libraries by hand, not sure if
>> make delete-old-libs covers it.
>>
>
> Using WITHOUT_KERBEROS to build world IIRC will cause you to lose
> pam_{krb5,ksu} and GSSAPI support in ssh. Depending on your environment,
> those might be useful.
>
> Other than the kadmin protocol differences why change from Heimdal to MIT?
>
> tom
>
> --
> | tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
> | FreeBSD http://www.FreeBSD.org |
>

Frankly - it's a matter of exploration, learning and understanding of everything all put together.

Secondly, it's because MIT offers a Windows MIT KerberosV application and I wanted to see them interact with each other.

Thirdly, src.conf(5) clearly states that the knob WITH_GSSAPI will re-introduce that back into world. And as a subnote, I don't know how to use GSSAPI, don't know how to administer the API, or enable a service/daemon to utilize GSSAPI.

Fourthly -- Losing the pam_{krb5,ksu} is no sweat. As the first, initial play thing, I'd keep local accounts, enabling K5 and see how they interact. Speaking of the interaction, it's the time to learn DNS SRV records, and K5 seems a useful go at it.

I may have forgotten a reason, but it's how my mind works, how I enjoy to learn, and I'm not going to break the Internet doing it. :)

LTNS, tmclaugh. Haven't seen you around recently.

--TJ