Re: ITP Heimdal (Kerberos 5)

To: debian-devel@lists.debian.org
Subject: Re: ITP Heimdal (Kerberos 5)
From: Brian May <bam@debian.org>
Date: 25 Dec 1999 09:20:29 +1100
Message-id: <[🔎] 847li4rnf6.fsf@snoopy.apana.org.au>
In-reply-to: jim@laney.edu's message of "24 Dec 99 20:57:44 GMT"
References: <[🔎] 84ogbim5oq.fsf@snoopy.apana.org.au> <[🔎] 199912242057.MAA18970@earth.laney.edu>

>>>>> "Jim" == Jim Lynch <jim@laney.edu> writes:

    >> I have packaged a peliminary version of it.

    Jim> Where?? Can I get and try it?

Hope to package it as soon as I get the copyright issue fixed up...

Each source file contains a copyright notice at the top. There are
several different versions. What should I do? Try and identify each
unique version, and include it in the Debian copyright file?  Ask
upstream for a single copyright notice that covers the whole package?

    Jim> About clients... Please consider the pam kerberos module by
    Jim> Mr. Itoi;

    Jim> http://www-personal.engin.umich.edu/~itoi/ is his site.

    Jim> pam_krb5 could make clients unnecessary; libpamc might help
    Jim> with using tickets as authentication.

Heimdal comes with a PAM module, too, however, I haven't worked
out yet how to build it ;-) (probably need pam development
or something installed first).

    Jim> Further, Mr. Itoi has been working on a form of Pam for Win
    Jim> NT, and a module for it that is said to work with
    Jim> kerberos. Information about it is at the same place as
    Jim> above. Perhaps this could mean that a Debian machine could
    Jim> completely act as password server for an NT server which
    Jim> clients log onto. If not by kerberos, perhaps by another
    Jim> method: Itoi indicated the difficulty in debugging the "gina"
    Jim> shared lib which NT uses to authenticate is made larger by
    Jim> the fact that any changes to that .dll requires a reboot of
    Jim> the machine. His effort at pamifying NT could mean that
    Jim> creating other ways to authenticate could be easier and
    Jim> faster since no reboot is needed to remove and re-insert a
    Jim> module.

I know of somebody who was doing something similar for NT in
Australia. I don't use windows, so can't really comment further.

As for windows 2000, what programs will microsoft ship that support
Kerberos? file/printer sharing? outlook? Support for both pop and
nntp? Actually, I am skeptical. I will believe it when I see it ;-)

As for the KDC must run on a windows computer - I would have to
redesign my network - currently no windows computer has direct access
to the Internet. I don't think I trust windows security enough to do
this. Me wonders if you will have to pay for a more expensive version
of windows 2000 just to get the KDC anyway...

Heimdal also comes with SIA support (I think that is used by Digital
Unix).

Oh... BTW, the Heimdal people have been doing experiments with Windows
KDC, in order to crack its proprietry protocol. For more information,
refer to the info documentation. So maybe things aren't so bad after
all.  However, Microsoft says it reserves the right to change the
format without prior notice.

-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: ITP Heimdal (Kerberos 5)
  - From: md@linux.it (Marco d'Itri)

References:
- ITP Heimdal (Kerberos 5)
  - From: Brian May <bam@debian.org>
- Re: ITP Heimdal (Kerberos 5)
  - From: Jim Lynch <jim@laney.edu>

Prev by Date: Re: Restarting Daemons on package install/upgrade.
Next by Date: Re: Cloning machine
Previous by thread: Re: ITP Heimdal (Kerberos 5)
Next by thread: Re: ITP Heimdal (Kerberos 5)
Index(es):
- Date
- Thread