Re: which Kerberos implementation?
- To: firstname.lastname@example.org
- Subject: Re: which Kerberos implementation?
- From: Petter Reinholdtsen <email@example.com>
- Date: Sat, 1 May 2010 19:26:03 +0200
- Message-id: <20100501172603.GI12919@login2.uio.no>
- In-reply-to: <20100501162306.GA9398@flashgordon>
- References: <20100414152256.GA10920@login2.uio.no> <20100414182137.GM30490@jones.dk> <20100415092523.GF20697@login1.uio.no> <20100420050124.GD28467@login1.uio.no> <20100424195249.GR10112@login2.uio.no> <20100501162306.GA9398@flashgordon>
[Andreas B. Mundt]
> Does this mean we can't split ldap-server and kdc-server? Or is this
> a bad idea anyway?
I suspect that is what it mean. On the other hand, using a unix
domain socket might be a good idea to avoid having to store a admin
password in clear text on the disk, and it might make it easier to
bootstrap the Kerberos-LDAP setup automatically during installation.
I do not know enought about Kerberos implementations to say which one
is best for us. MIT and Heimdal Kerberos seem to be the most used,
while shishi seem interesting too, but  make me suspect the project
is sleeping/dead. They seem to have different problems and
advantages, and I hope you are able to figure out which one is best
for Debian Edu.