Re: Tjener does Kerberos...
On Monday, 28 June, Andreas Schuldei typed the following:
> there is a good reason to use heimdal: you can keep the keys in
> ldap. that lets you avoid the ssh unsigned key thing.
Veto!
I know that this is possible, but it's another security hole, if one
cracks LDAP or there is a mistake in the LDAP config.
I do not want to put everything that is possible into our LDAP tree,
to avoid a single point of failure (kerberos auth can also be used,
if you are not on the Skolelinux network and then you don't need LDAP,
but only the KDC).
btw: We would have to rebuild some software (e.g. ssh) to let it work
with heimdal, if I see the dependencies correctly.
I would strongly vote for MIT Kerberos.
Ciao
Max
--
Follow the white penguin.