Heimdal vs MIT KerberosV

Tim Judd tajudd at gmail.com
Sat Feb 28 01:01:44 PST 2009


On Fri, Feb 27, 2009 at 7:44 PM, Tom McLaughlin
<tmclaugh at sdf.lonestar.org> wrote:

> Mel wrote:
>
>> On Thursday 26 February 2009 08:48:35 Tim Judd wrote:
>>
>> Building WITHOUT_KERBEROS and installing MIT-port, is the best option to use
>> that implementation. You may need to remove libraries by hand, not sure if
>> make delete-old-libs covers it.
>>
>
> Using WITHOUT_KERBEROS to build world IIRC will cause you to lose
> pam_{krb5,ksu} and GSSAPI support in ssh.  Depending on your environment,
> those might be useful.
>
> Other than the kadmin protocol differences why change from Heimdal to MIT?
>
> tom
>
> --
> | tmclaugh at sdf.lonestar.org                 tmclaugh at FreeBSD.org |
> | FreeBSD                                       http://www.FreeBSD.org |
>
>

Frankly - it's a matter of exploration, learning and understanding of
everything all put together.

Secondly, it's because MIT offers a Windows MIT KerberosV application and I
wanted to see them interact with each other.

Thirdly, src.conf(5) clearly states that the knob WITH_GSSAPI will
re-introduce that back into world.  And as a subnote, I don't know how to
use GSSAPI, don't know how to administer the API, or enable a service/daemon
to utilize GSSAPI.

Fourthly -- Losing the pam_{krb5,ksu} is no sweat.  As the first, initial
play thing, I'd keep local accounts, enabling K5 and see how they interact.
Speaking of the interaction, it's the time to learn DNS SRV records, and K5
seems a useful go at it.


I may have forgotten a reason, but it's how my mind works, how I enjoy
learning, and I'm not going to break the Internet doing it.  :)

LTNS, tmclaugh.  Haven't seen you around recently.

--TJ

