Re: ITP Heimdal (Kerberos 5)

>>>>> "Jim" == Jim Lynch <jim@laney.edu> writes:

    >> I have packaged a preliminary version of it.

    Jim> Where?? Can I get and try it?

Hope to package it as soon as I get the copyright issue fixed up...

Each source file contains a copyright notice at the top. There are
several different versions. What should I do? Try and identify each
unique version, and include it in the Debian copyright file?  Ask
upstream for a single copyright notice that covers the whole package?

    Jim> About clients... Please consider the pam kerberos module by
    Jim> Mr. Itoi;

    Jim> http://www-personal.engin.umich.edu/~itoi/ is his site.

    Jim> pam_krb5 could make clients unnecessary; libpamc might help
    Jim> with using tickets as authentication.

Heimdal comes with a PAM module, too; however, I haven't worked
out yet how to build it ;-) (probably need pam development
or something installed first).

    Jim> Further, Mr. Itoi has been working on a form of Pam for Win
    Jim> NT, and a module for it that is said to work with
    Jim> kerberos. Information about it is at the same place as
    Jim> above. Perhaps this could mean that a Debian machine could
    Jim> completely act as password server for an NT server which
    Jim> clients log onto. If not by kerberos, perhaps by another
    Jim> method: Itoi indicated the difficulty in debugging the "gina"
    Jim> shared lib which NT uses to authenticate is made larger by
    Jim> the fact that any changes to that .dll require a reboot of
    Jim> the machine. His effort at pamifying NT could mean that
    Jim> creating other ways to authenticate could be easier and
    Jim> faster since no reboot is needed to remove and re-insert a
    Jim> module.

I know of somebody who was doing something similar for NT in
Australia. I don't use Windows, so can't really comment further.

As for Windows 2000, what programs will Microsoft ship that support
Kerberos? file/printer sharing? Outlook? Support for both POP and
NNTP? Actually, I am skeptical. I will believe it when I see it ;-)

As for the KDC must run on a Windows computer - I would have to
redesign my network - currently no Windows computer has direct access
to the Internet. I don't think I trust Windows security enough to do
this. Me wonders if you will have to pay for a more expensive version
of Windows 2000 just to get the KDC anyway...

Heimdal also comes with SIA support (I think that is used by Digital

Oh... BTW, the Heimdal people have been doing experiments with Windows
KDC, in order to crack its proprietary protocol. For more information,
refer to the info documentation. So maybe things aren't so bad after
all.  However, Microsoft says it reserves the right to change the
format without prior notice.

Brian May <bam@debian.org>

