Hi David,
On Jun 17, 2010, at 9:50 AM, David Guibert wrote:
Hi,
I've have a workable configuration to authenticate via kerberos with
pam_krb5 and pam_ccreds to cache passwords for offline logins.
Nice!
This is something I wanted to have for a long time.
in nixos/modules/config/krb5.nix, I install the default kerberos
defined
in nixpkgs instead of krb5 (MIT version).
- systemPackages = [ pkgs.krb5 ];
+ systemPackages = [ pkgs.kerberos ];
Marco (and others), is there a reason to specify krb5 instead of
heimdal?
At the time I wrote the expression I made the minimum effort to make
kerberos work for my particular needs which essentially is kerbeors
+openafs to access the distributed file system of my department.
Someone told me that openafs works better with MIT keberos than
heimdal (don't know if this is true or not) and MIT keberos is what it
is used in by my "neighborhoods", so I made a pragmatic choice.
Now if more user are interested into it, we can try to improve the
configuration mechanism.
Maybe we need a better way to specify the kerberos implementation.
Yes, I think it is better to parametrize the nix expressions over the
specific kerberos implementations so that each user can freely choose
what she prefer.
Marco
_______________________________________________
nix-dev mailing list
[email protected]
https://mail.cs.uu.nl/mailman/listinfo/nix-dev
