Remove Heimdal Kerberos from my FreeBSD

Joerg Sonnenberger joerg at
Mon Jul 18 15:23:50 GMT 2005

On Mon, Jul 18, 2005 at 09:44:35PM +0930, Daniel O'Connor wrote:
> There is always a trade off but it seems most people don't think Heimdal is 
> insecure enough to disable by default. (Has it has any bugs that have been 
> exploitable in an unused configuration recently? I don't believe so).

In the last two years, there have been some nasty problems in Heimdal,
not as bad as MIT krb5 though. This is from memory, I might be wrong.

For the original poster, the default is a trade-off, it has both postive
and negative sides. In DragonFly, we still default to OFF, mostly
because we can't take advantage of it e.g. for smb anyway, since we
don't have NSS. Beside the given example of Active Directory, NFS 4 uses
GSSAPI and Kerberos 5 too. Those are two things a lot of people want to
support of the box.


More information about the freebsd-hackers mailing list