> Hey Edward, >> The lack of a plain English introduction/explanation to the API is >> probably >> why Kerberos doesn't have a heck of a lot of application support. >> (Anyone else listening here?) > That's an excellent point.
Love Hörnquist Åstrand pointed out the Heimdal dev docs earlier, which appear to give a basic primer (maybe I'll have the time and motivation over the weekend). It looks promising, and gives me a basic idea of how the various functions and data structures fit together... Ken Hornstein; All that info would be incredibly helpful. On that note, there's a lot of info that piles up in the list, which isn't very ordered. For example, I have a 'nice' perl script for pushing out kdc updates, which is designed to works and comes with a minimal cron entry, and works from a config file in the kdc directory. But I don't have anywhere to put it. Has anyone considered a wiki/other for kerberos stuff? >> I'll chew over this a bit more... > > Thanks. Please let us know what emerges... *Aliens rupture out of my thorax* I digress. Having slept on this... In my current position, I have no chance whatsoever of getting Kerberos on to the servers I manage. I have managed to convince people that some form of centralized setup would be a good idea for ensure that old accounts are added/removed as required. Since there's already a Novell LDAP setup floating around for web auth, I've convinced them of that. However, half the people here are convinced that Kerberos is a Microsoft technology *big sigh* and that it's 'insecure because it uses UDP'. Regardless of the intelligence of that statement, I'm not going to get Kerberos rolled out at any time in the near future, but would like to use benefit from such a system to enforce access. With this in mind, would it be possible to look at unhooking this system (let's call it accessd for the moment, just so it has a name) from Kerberos, and writing a generic protocol, so that can be wrapped in kerberos/ssl/ssh/foobar as the user/admin requires? -Edward ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
