Re: which Kerberos implementation?
[Andreas B. Mundt]
> Does this mean we can't split ldap-server and kdc-server? Or is this
> a bad idea anyway?
I suspect that is what it mean. On the other hand, using a unix
domain socket might be a good idea to avoid having to store a admin
password in clear text on the disk, and it might make it easier to
bootstrap the Kerberos-LDAP setup automatically during installation.
I do not know enought about Kerberos implementations to say which one
is best for us. MIT and Heimdal Kerberos seem to be the most used,
while shishi seem interesting too, but [1] make me suspect the project
is sleeping/dead. They seem to have different problems and
advantages, and I hope you are able to figure out which one is best
for Debian Edu.
1 http://www.gnu.org/software/shishi/
Happy hacking,
--
Petter Reinholdtsen
Reply to: