Heimdal or MIT for kerberos?

Gunnar Flygt flygt at sr.se
Wed Sep 10 06:46:03 UTC 2008


I'm very pleased with Heimdal 1.1. I compile it from sources. No big
problem. Compile on one machine and copy the file structure to the other
at the same OS level. Then using openssh-gssapi-overwrite-base-5.0.p1,1
with the KRB5_HOME flag set to the directory of Heimdal. Same thing
there, compile and make a package on one machine. The KDCs run FreeBSD
7 and the same release of Heimdal as the others.


On Sun, Sep 07, 2008 at 07:55:26AM -0400, Mike Tancsa wrote:
> We are looking at deploying Kerberos for better user management (SSO)
> and 2 factor authentication via pkcs#11 etokens.  The servers are all
> FreeBSD and the machines principals will log in from a mix of FreeBSD,
> Windows and Mac OS X using ssh and openvpn.  As part of our compliance
> project, access must be 2 factor.  The Heimdal in RELENG_7 is a
> rather old version and doesn't seem to have all the bits needed for
> x509 pre-auth so I would probably need to install from the ports
> anyways.  Does anyone have any suggestions as to which
> implementation to use? We are in Canada so it doesn't matter
> regulation wise. Is one better maintained than the other?  There are
> no legacy v4 apps.
> Thanks,
> 
>         ---Mike
> 
> --------------------------------------------------------------------
> Mike Tancsa,                                      tel +1 519 651 3400
> Sentex Communications,                            mike at sentex.net
> Providing Internet since 1994                    www.sentex.net
> Cambridge, Ontario Canada                         www.sentex.net/mike
