Date: Tue, 29 May 2018 06:47:29 -0600
From: Sean Bruno <sbruno@freebsd.org>
To: Cy Schubert <Cy.Schubert@cschubert.com>, Benjamin Kaduk <kaduk@mit.edu>
Cc: freebsd-arch <freebsd-arch@freebsd.org>
Subject: Re: How to update or should we update Kerberos
Message-ID: <8e9fa53a-7455-d408-501e-461f40d44a3a@freebsd.org>
In-Reply-To: <201805290234.w4T2YZH9003991@slippy.cwsent.com>
References: <201805290234.w4T2YZH9003991@slippy.cwsent.com>

On 05/28/18 20:34, Cy Schubert wrote:
>>> I'm ignorant as to what we need it for.
>> It's a great way to simplify the bootstrap process when setting up
>> new machines (in an existing realm environment), in particular, it
>> is used in the FreeBSD cluster. Prior to pkgng's introduction of
>> signed packages, it was the only way for me to securely integrate a
>> new install that did not involve hand-transcribing key material or
>> putting it on removable media. I think the signed-packages
>> situation helps somewhat, but there are definitely still cases where
>> it's useful to have.
> When I was at $JOB-1, our script created a keytab and pushed keys
> through an ssh session from each admin's Linux, FreeBSD, or Solaris
> desktop.

Heh, yeah, I asked this question *wrong*. I know how we use it in the
cluster. :-)

I mean to ask, "why aren't we using ports for kerberos?" What purpose
does it serve in the base system?

sean