How to update or should we update Kerberos
Sean Bruno
sbruno at freebsd.org
Tue May 29 12:47:36 UTC 2018
On 05/28/18 20:34, Cy Schubert wrote:
>>> I'm ignorant as to what we need it for.
>> It's a great way to simplify the bootstrap process when setting up
>> new machines (in an existing realm environment), in particular, it
>> is used in the FreeBSD cluster. Prior to pkgng's introduction of
>> signed packages, it was the only way for me to securely integrate a
>> new install that did not involve hand-transcribing key material or
>> putting it on removable media. I think the signed-packages
>> situation helps somewhat, but there are definitely still cases where
>> it's useful to have.
> When I was at $JOB-1, our script created a keytab and pushed keys
> through an ssh session from each admin's Linux, FreeBSD, or Solaris
> desktop.
Heh, yeah, I asked this question *wrong*. I know how we use it in the
cluster. :-)
I mean to ask, "why aren't we using ports for kerberos?" What purpose
does it serve in the base system?
sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 618 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20180529/89a89f45/attachment.sig>
More information about the freebsd-arch
mailing list