
Re: Tjener does Kerberos...



On Monday, 28 June, Andreas Schuldei typed the following:

> there is a good reason to use heimdal: you can keep the keys in
> ldap. that lets you avoid the ssh unsigned key thing.

Veto!
I know that this is possible, but it's another security hole, if one
cracks LDAP or there is a mistake in the LDAP config.
I do not want to put everything that is possible into our LDAP tree,
to avoid a single point of failure (Kerberos auth can also be used,
if you are not on the Skolelinux network and then you don't need LDAP,
but only the KDC).

btw: We would have to rebuild some software (e.g. ssh) to let it work
with heimdal, if I see the dependencies correctly.

I would strongly vote for MIT Kerberos.

Ciao
Max
-- 
	Follow the white penguin.


