[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: which Kerberos implementation?

[Andreas B. Mundt]
> Does this mean we can't split ldap-server and kdc-server? Or is this
> a bad idea anyway?

I suspect that is what it mean.  On the other hand, using a unix
domain socket might be a good idea to avoid having to store a admin
password in clear text on the disk, and it might make it easier to
bootstrap the Kerberos-LDAP setup automatically during installation.

I do not know enought about Kerberos implementations to say which one
is best for us.  MIT and Heimdal Kerberos seem to be the most used,
while shishi seem interesting too, but [1] make me suspect the project
is sleeping/dead.  They seem to have different problems and
advantages, and I hope you are able to figure out which one is best
for Debian Edu.

 1 http://www.gnu.org/software/shishi/

Happy hacking,
Petter Reinholdtsen

Reply to: