I'm very pleased with heimdal 1.1. I compile it from sources. No big problem. Compile on one machine and copy the file structure to the other at the same OS level. Then using openssh-gssapi-overwrite-base-5.0.p1,1 with the KRB5_HOME flag set to the directory of heimdal. Same thing there, compile and make a package on one machine. The KDC's run FreeBSD 7 and the same release of heimdal as the others.
On Sun, Sep 07, 2008 at 07:55:26AM -0400, Mike Tancsa wrote: > We are looking at deploying Kerberos for better user management (SSO) > and 2 factor authentication via pkcs#11 etokens. The servers are all > FreeBSD and the machines principals will login from a mix of FreeBSD, > Windows and MAC OSX using ssh and openvpn. As part of our compliance > project, access must be 2 factor. The Heimdal in RELENG_7 is a > rather old version and doesnt seem to have all the bits needed for > x509 pre-auth so I would probably need to install from the ports > anyways. Does anyone have any suggestions as to which > implementation to use ? We are in Canada so it doesnt matter > regulation wise. Is one better maintained than the other ? There are > no legacy v4 apps > Thanks, > > ---Mike > > -------------------------------------------------------------------- > Mike Tancsa, tel +1 519 651 3400 > Sentex Communications, [EMAIL PROTECTED] > Providing Internet since 1994 www.sentex.net > Cambridge, Ontario Canada www.sentex.net/mike > > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
