On Mon, 10 May 2004, Havoc Pennington wrote:

> Hi,
>
> Something we've wanted to do for a long time is create a matrix of
> programs that should support Kerberos authentication, and start checking
> them off. I guess this includes both client-side and server-side.
>
> Does anyone have a good start on this?
>
> Any real-world experience/scenarios where Kerberos support was needed
> and not available? (Which things should be Kerberized first?)

RH actually used to support krb a bit better than it does now ;-(

At any rate, apps which need kerberization:

ssh -- can't remember off-hand if RH RPMs are patched now or not?
cups -- lprng did support, cups doesn't yet
dovecot -- uw-imap did support, dovecot doesn't yet
MUA -- no idea, as I don't use any of the ones RH ships
Mozilla -- efforts appear underway here
amanda -- not sure if upstream supports krb5 or just krb4 right now, but kerberized backups are a requirement here

For me, though, the biggest problem is the generic pam / glibc / moon phase / whatever interaction where RH and Fedora systems blow up badly, failing to degrade back to existing local accounts, if a distributed information / authentication (LDAP, krb, NIS) is down....

Any enterprise that's going Kerberos, IMHO, can mostly work around the rest simply by pushing out more functional software than what RH ships, but that one can be kinda a pain to work around....

later,
chris