cvs commit: src/release Makefile src/release/scripts
crypto-install.sh
Kris Kennaway
kris at obsecurity.org
Wed Apr 30 12:41:58 PDT 2003
On Wed, Apr 30, 2003 at 03:17:04PM -0400, Garrett Wollman wrote:
> <<On Wed, 30 Apr 2003 11:16:03 -0700, Kris Kennaway <kris at obsecurity.org> said:
>
> > Hmm, is it really a good idea to combine crypto and krb5? krb5 is, I
> > suspect, a rarely-used feature in the wild.
>
> ``The wild'' contains lots and lots of Windows Active Directory
> implementations.
>
> For any operation larger than a few dozen hosts, Kerberos is a great
> deal easier to manage than n^2 SSH key combinations. (This presumes
> that you have a working version of Kerberized SSH, which at present
> means OpenSSH 3.4 with the patches.) Even for relatively small
> installations, the convenience factor can be significant, particularly
> when integrated with other operating systems infrastructure.
I'm quite prepared to believe it can be very convenient and useful,
and I know several people who use it, but I still maintain it is not
widely used.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20030430/1a3fe92a/attachment.bin
More information about the cvs-all
mailing list