On Oct 4, 2004, at 9:02 AM, [EMAIL PROTECTED] wrote:
Date: Sun, 03 Oct 2004 22:40:50 -0700
From: Frank Cusack <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Heimdal or MIT kerberos
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Precedence: list
Message: 2
On Mon, 04 Oct 2004 10:55:49 +0800 sam <[EMAIL PROTECTED]> wrote:
I'm not sure which kerberos I should use.
They're both good. Don't sweat it too much.
Heimdal does not have a functioning replay cache, so if your app needs that you must go with MIT.
Very true, but it depends on the app whether it matters or not. Heimdal doesn't support password history checking either, but there's public code to add that if you don't run a very large site.
Apache kerberization is a long hard road. You're much better off going with pubcookie or some such system. http://middleware.internet2.edu/webiso/ is a good page that points to lots of web sso software.
Hmmm. If you use a recent Mozilla-derivative and mod_auth_kerb with Apache it seems to handle the basics. Haven't checked interop with MS products.
Which one you choose may depend on whether you need some add-on. There are a couple of hardware pre-authentication devices supported only with MIT patches, but the PKINIT patches are only for Heimdal.
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos