Re: suggestion: move krb5 daemons to krb5-daemons subpackage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2004-11-24 at 02:44, Enrico Scholz wrote:

> It is impossible in the typical FC environment (2-3 hosts in a
> network, where one machine has 'www', 'ldap', 'imap', 'kerberos',
> 'db' alias-names). You will never get GSSAPI authentication with
> MIT kerberos running there.

I put "search <domain> ." in /etc/resolv.conf and can "telnet
<shortname>" just fine. Don't know about MITKRB though.

However, Kerberos is mostly useful for large installations. While basing
one of those on FC might not be a good idea, a single FC host should
still fit in there just as well as a RHEL host.

> I never said this... 

Ok, then. Sorry.

> Just, that the FC kerberos can not be set up
> correctly within a vanilla FC environment.

I doubt this...

> Yes, Heimdal seems to be far superior to MIT Kerberos. It supports
> replication and has better AFS support (although I do not know if this
> is still an issue with recent, krb5-based OpenAFS).

Nalin's new pam_krb5 minikafs should support krb5 with both OpenAFS 1.3
and Arla. It replaces the krb4-only krbafs RPM, which is based on code
that is shared between KTH-KRB (krb4) and Heimdal. (Yes, enabling krb5
in krbafs should only be a matter of using the right #defines, but I
don't think anything uses krbafs anymore.)

>  It is a puzzle why FC ships MIT Kerberos only...

I might get around to submitting my RPMs when Extras opens. Still, RH
has people in Boston, near MIT. I don't know if that matters.

> But I saw the man-page of BSD's implementation of kerberos... Support
> for TCP transport and tunneling over HTTP proxies... wow... I want to
> have this also...

I'm just glad I've never needed HTTP tunneling. :-)

/abo



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux