Heimdal or MIT for kerberos?
Gunnar Flygt
flygt at sr.se
Wed Sep 10 06:46:03 UTC 2008
I'm very pleased with heimdal 1.1. I compile it from sources. No big
problem. Compile on one machine and copy the file structure to the other
at the same OS level. Then using openssh-gssapi-overwrite-base-5.0.p1,1
with the KRB5_HOME flag set to the directory of heimdal. Same thing
there, compile and make a package on one machine. The KDC's run FreeBSD
7 and the same release of heimdal as the others.
On Sun, Sep 07, 2008 at 07:55:26AM -0400, Mike Tancsa wrote:
> We are looking at deploying Kerberos for better user management (SSO)
> and 2 factor authentication via pkcs#11 etokens. The servers are all
> FreeBSD and the machines principals will login from a mix of FreeBSD,
> Windows and MAC OSX using ssh and openvpn. As part of our compliance
> project, access must be 2 factor. The Heimdal in RELENG_7 is a
> rather old version and doesnt seem to have all the bits needed for
> x509 pre-auth so I would probably need to install from the ports
> anyways. Does anyone have any suggestions as to which
> implementation to use ? We are in Canada so it doesnt matter
> regulation wise. Is one better maintained than the other ? There are
> no legacy v4 apps
> Thanks,
>
> ---Mike
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike at sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list