At 02:34 AM 9/10/2008, Gunnar Flygt wrote:
> I'm very pleased with heimdal 1.1. I compile it from sources. No big
> problem. Compile on one machine and copy the file structure to the other
> at the same OS level. Then using openssh-gssapi-overwrite-base-5.0.p1,1
> with the KRB5_HOME flag set to the directory of heimdal. Same thing
> there, compile and make a package on one machine. The KDCs run FreeBSD
> 7 and the same release of heimdal as the others.

Hi,
Thanks for the response! When you installed heimdal 1.1
from the source, did you overwrite the local libs, or did you keep
everything in /usr/local? Also, do you use hx509 at all and certs
for pre-auth?
---Mike
On Sun, Sep 07, 2008 at 07:55:26AM -0400, Mike Tancsa wrote:
> We are looking at deploying Kerberos for better user management (SSO)
> and 2 factor authentication via pkcs#11 etokens. The servers are all
> FreeBSD and the machines principals will log in from a mix of FreeBSD,
> Windows and Mac OS X using ssh and openvpn. As part of our compliance
> project, access must be 2 factor. The Heimdal in RELENG_7 is a
> rather old version and doesn't seem to have all the bits needed for
> x509 pre-auth so I would probably need to install from the ports
> anyways. Does anyone have any suggestions as to which
> implementation to use? We are in Canada so it doesn't matter
> regulation wise. Is one better maintained than the other? There are
> no legacy v4 apps.
> Thanks,
>
> ---Mike
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, [EMAIL PROTECTED]
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"