which Kerberos implementation?

To: debian-edu@lists.debian.org
Subject: which Kerberos implementation?
From: "Andreas B. Mundt" <andi.mundt@web.de>
Date: Sat, 1 May 2010 18:23:06 +0200
Message-id: <[🔎] 20100501162306.GA9398@flashgordon>
Mail-followup-to: debian-edu@lists.debian.org
In-reply-to: <20100424195249.GR10112@login2.uio.no>
References: <20100414152256.GA10920@login2.uio.no> <20100414182137.GM30490@jones.dk> <20100415092523.GF20697@login1.uio.no> <20100420050124.GD28467@login1.uio.no> <20100424195249.GR10112@login2.uio.no>

On Sat, Apr 24, 2010 at 09:52:49PM +0200, Petter Reinholdtsen wrote:
> [Petter Reinholdtsen]
> Not sure which Kerberos implementation we should use.  Reading
> <URL: http://grep.be/blog/en/lazyweb/re_kerberos_ldap > make me
> suspect Heimdal Kerberos might be a better choice than MIT Kerberos,
> as it has had support for storing principals in LDAP for a long time.

I am just looking at http://www.h5l.org/manual/HEAD/info/heimdal/Using-LDAP-to-store-the-database.html#Using-LDAP-to-store-the-database 

and there it states:

[...]
Since Heimdal talks to the LDAP server over a UNIX domain socket, and
uses external sasl authentication, it's not possible to require
security layer quality (ssf in cyrus-sasl lingo). So that requirement
has to be turned off in OpenLDAP slapd configuration file slapd.conf.
[...]

Does this mean we can't split ldap-server and kdc-server? Or is this a
bad idea anyway? 

Cheers
	Andi

Reply to:

Follow-Ups:
- Re: which Kerberos implementation?
  - From: Petter Reinholdtsen <pere@hungry.com>

Next by Date: Re: which Kerberos implementation?
Next by thread: Re: which Kerberos implementation?
Index(es):
- Date
- Thread