> Now on to Kerberos.... > Is anyone Out There actively building CMS Kerberos apps or who is > depending on the z/VM Kerberos daemon for outboard Kerberos apps?
I still support several Kerberized CMS apps, although with the known compromises in Kerberos 4, I've been getting a lot of pressure to either upgrade to K5 or get rid of them. The MIT guys also still do some K4 stuff, but I think they have a internal K5 lib and the k4-to-k5 translator already deployed elsewhere on campus. > I would > like to consider dropping Kerberos from the suite of z/VM services at some > point, but I need some feedback from any active users or from anyone who > has been seriously considering adding Kerberos to your stable of VM > services. If there are no plans to do Kerberos 5, then I'll lose the K4 apps and a group of users to other platforms. Continuing K4 support is certainly useless without a K4-to-K5 translation service, which would be about as much work as doing native K5. > - z/VM is focused on support for X.509 certificates and TLS/SSL for > privacy, data integrity, and authentication It'd be a lot more useful to have GSS-API support (then you'd be able to do all the other parts as well, but as plugins). If you want to do a K5 port, I've done a lot of the work, but not the cleanup and docs to productize.
