From owner-freebsd-current@FreeBSD.ORG  Sun Jun  6 19:32:41 2010
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9CE1C1065677;
	Sun,  6 Jun 2010 19:32:41 +0000 (UTC)
	(envelope-from lyndon@orthanc.ca)
Received: from orthanc.ca (ve6bbm-1-pt.tunnel.tserv13.ash1.ipv6.he.net
	[IPv6:2001:470:7:139::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 559958FC1B;
	Sun,  6 Jun 2010 19:32:41 +0000 (UTC)
Received: from orthanc.ca (localhost4 [127.0.0.1])
	by orthanc.ca (8.14.3/8.14.3) with ESMTP id o56JWZlg033401
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sun, 6 Jun 2010 13:32:35 -0600 (MDT)
	(envelope-from lyndon@orthanc.ca)
Received: (from uucp@localhost)
	by orthanc.ca (8.14.3/8.14.3/Submit) with UUCP id o56JWZZC033400;
	Sun, 6 Jun 2010 12:32:35 -0700 (PDT)
	(envelope-from lyndon@orthanc.ca)
Received: from legolas (legolas [172.16.0.4]) (authenticated bits=0)
	by legolas.orthanc.ca (8.14.4/8.14.4) with ESMTP id o56JWXak075644
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sun, 6 Jun 2010 12:32:33 -0700 (PDT)
	(envelope-from lyndon@orthanc.ca)
Date: Sun, 6 Jun 2010 12:32:33 -0700 (PDT)
From: Lyndon Nerenberg <lyndon@orthanc.ca>
To: Garrett Wollman <wollman@bimajority.org>
In-Reply-To: <19467.61790.690469.182207@hergotha.csail.mit.edu>
Message-ID: <alpine.BSF.2.00.1006061221130.73670@legolas.orthanc.ca>
References: <AANLkTik213g_8W2ocr3mCCb2EED8RBXsYBavdYll1PI_@mail.gmail.com>
	<19467.61790.690469.182207@hergotha.csail.mit.edu>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Organization: The Frobozz Magic Homing Pigeon Company
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Mailman-Approved-At: Sun, 06 Jun 2010 20:06:59 +0000
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Our aging base system krb5 [heimdal]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Jun 2010 19:32:41 -0000

> (And yes, this is a bit of an irony considering that I used to be the
> maintainer of the base-system Kerberos code in the long-ago krb4
> days.  But my job requires me to administer MIT Kerberos, so I need
> the MIT kadmin utility and not the Heimdal one.)

Aren't the reasons for the Heimdal distribution moot these days?

Beyond that, Free is one of the few UNIXen I cannot talk to (or from!) 
using Kerberos for things like SSH, rlogin, rdist, etc. We're woefully 
behind Solaris, Linux, even Windows, when it comes to integrated GSSAPI/K5 
SSO authentication.

--lyndon