How to update or should we update Kerberos
Benjamin Kaduk
kaduk at mit.edu
Tue May 29 00:36:13 UTC 2018
On Mon, May 28, 2018 at 12:49:41PM -0600, Sean Bruno wrote:
> https://github.com/heimdal/heimdal/releases
>
> Since we haven't updated Kerberos for 6 years, I'm curious why we even
cy has some WIP in projects/krb5, which at least initially was to
switch to MIT krb5 in base (but now may be more ambitious and leave
both Heimdal and MIT options).
> have it floating around in base.
>
> I'm ignorant as to what we need it for.
It's a great way to simplify the bootstrap process when setting up
new machines (in an existing realm environment), in particular, it
is used in the FreeBSD cluster. Prior to pkgng's introduction of
signed packages, it was the only way for me to securely integrate a
new install that did not involve hand-transcribing key material or
putting it on removable media. I think the signed-packages
situation helps somewhat, but there are definitely still cases where
it's useful to have.
On the other hand, it's also sometimes frustrating when it's
6-year-old code and I also want to be in an MIT krb5 environment.
But I hope that cy will continue with the project branch and we'll
get an update "soon".
-Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 667 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20180528/d259b9e8/attachment.sig>
More information about the freebsd-arch
mailing list