Date:      Mon, 18 Jul 2005 16:30:22 +0200
From:      Joerg Sonnenberger <joerg@britannica.bec.de>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Remove Heimdal Kerberos from my FreeBSD
Message-ID:  <20050718143022.GA1398@britannica.bec.de>
In-Reply-To: <200507182144.49399.doconnor@gsoft.com.au>
References:  <20050716194319.4375451a.vlady@sun-fish.com> <200507182055.57651.doconnor@gsoft.com.au> <20050718144421.68977452.vlady@sun-fish.com> <200507182144.49399.doconnor@gsoft.com.au>

On Mon, Jul 18, 2005 at 09:44:35PM +0930, Daniel O'Connor wrote:
> There is always a trade off but it seems most people don't think Heimdal is
> insecure enough to disable by default. (Has it had any bugs that have been
> exploitable in an unused configuration recently? I don't believe so).

In the last two years, there have been some nasty problems in Heimdal,
not as bad as MIT krb5 though. This is from memory, I might be wrong.

For the original poster, the default is a trade-off; it has both positive
and negative sides. In DragonFly, we still default to OFF, mostly
because we can't take advantage of it e.g. for smb anyway, since we
don't have NSS. Besides the given example of Active Directory, NFS 4 uses
GSSAPI and Kerberos 5 too. Those are two things a lot of people want to
support out of the box.

Joerg


