Date: Sun, 07 Sep 2008 07:55:26 -0400 From: Mike Tancsa <mike@sentex.net> To: freebsd-security@freebsd.org Subject: Heimdal or MIT for kerberos? Message-ID: <200809071155.m87BtS2H082832@lava.sentex.ca>
next in thread | raw e-mail | index | archive | help
We are looking at deploying Kerberos for better user management (SSO)
and 2 factor authentication via pkcs#11 etokens. The servers are all
FreeBSD and the machines principals will login from a mix of FreeBSD,
Windows and MAC OSX using ssh and openvpn. As part of our compliance
project, access must be 2 factor. The Heimdal in RELENG_7 is a
rather old version and doesnt seem to have all the bits needed for
x509 pre-auth so I would probably need to install from the ports
anyways. Does anyone have any suggestions as to which
implementation to use ? We are in Canada so it doesnt matter
regulation wise. Is one better maintained than the other ? There are
no legacy v4 apps
Thanks,
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809071155.m87BtS2H082832>