Re: which Kerberos implementation?

To: debian-edu@lists.debian.org
Subject: Re: which Kerberos implementation?
From: Petter Reinholdtsen <pere@hungry.com>
Date: Sat, 1 May 2010 19:26:03 +0200
Message-id: <[🔎] 20100501172603.GI12919@login2.uio.no>
In-reply-to: <[🔎] 20100501162306.GA9398@flashgordon>
References: <20100414152256.GA10920@login2.uio.no> <20100414182137.GM30490@jones.dk> <20100415092523.GF20697@login1.uio.no> <20100420050124.GD28467@login1.uio.no> <20100424195249.GR10112@login2.uio.no> <[🔎] 20100501162306.GA9398@flashgordon>

[Andreas B. Mundt]
> Does this mean we can't split ldap-server and kdc-server? Or is this
> a bad idea anyway?

I suspect that is what it mean.  On the other hand, using a unix
domain socket might be a good idea to avoid having to store a admin
password in clear text on the disk, and it might make it easier to
bootstrap the Kerberos-LDAP setup automatically during installation.

I do not know enought about Kerberos implementations to say which one
is best for us.  MIT and Heimdal Kerberos seem to be the most used,
while shishi seem interesting too, but [1] make me suspect the project
is sleeping/dead.  They seem to have different problems and
advantages, and I hope you are able to figure out which one is best
for Debian Edu.

 1 http://www.gnu.org/software/shishi/

Happy hacking,
-- 
Petter Reinholdtsen

Reply to:

Follow-Ups:
- MIT-kerberos versus Heimdal
  - From: "Andreas B. Mundt" <andi.mundt@web.de>

References:
- which Kerberos implementation?
  - From: "Andreas B. Mundt" <andi.mundt@web.de>

Prev by Date: which Kerberos implementation?
Next by Date: Processing of debian-edu-config_1.441_i386.changes
Previous by thread: which Kerberos implementation?
Next by thread: MIT-kerberos versus Heimdal
Index(es):
- Date
- Thread