[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Intent to package KerberosV

> Meanwhile, I've identified the following additional packages which can 
> be Kerberized immediately via compile-time flags:
>   IMAP (get your mail from the site you expected; prevent snooping)
>   LPRNG (network print to the site you expected; prevent interceptions)
>   POSTGRES (grant access to database via Kerberos tickets)
> AMANDA can be K4'd today, and the development version can be K5'd.

> I have heard that the NCSA httpd can be Kerberized, but I haven't
> looked at it in great detail.
> XFREE86, unfortunately, uses a slightly older Kerberos V API.

The original Umich LDAP can be Kerberised easily (K4 - I think) I know Kerberos
support is on the development list for OpenLDAP but I am not sure where it

Unfortunately all of these probably require a fork to a non-us maintainer
(except for the case where the primary maintainer is already non US.
This seems to be in unintentional side effect of US export policy, which is
actively forcing development of opensource crypto applications to be carried
out outside the US.

More and more key software systems are likely to have a cryptographic
component, and as their open source versions are generally developed by
international groups the main effect is to deprive the US developers of the
opportunity to participate in the cryptographic components.

		John Lines

p.s. wnpp - please consider this a request to have a kerberised LDAP package
(if the WNPP list is allowed to even mention such things on a US server)

Reply to: