From owner-freebsd-questions@FreeBSD.ORG Tue Mar 6 19:00:35 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C1FED16A402 for ; Tue, 6 Mar 2007 19:00:35 +0000 (UTC) (envelope-from tillman@seekingfire.com) Received: from mail.seekingfire.com (thoth.seekingfire.com [24.89.83.9]) by mx1.freebsd.org (Postfix) with ESMTP id 93EA513C442 for ; Tue, 6 Mar 2007 19:00:35 +0000 (UTC) (envelope-from tillman@seekingfire.com) Received: by mail.seekingfire.com (Postfix, from userid 500) id CD74539830; Tue, 6 Mar 2007 13:00:34 -0600 (CST) Date: Tue, 6 Mar 2007 13:00:34 -0600 From: Tillman Hodgson To: freebsd-questions@freebsd.org Message-ID: <20070306190034.GA21811@seekingfire.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . X-GPG-Key-ID: 828AFC7B X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68 F543 0F0A 7FBC 828A FC7B X-GPG-Key: http://www.seekingfire.com/personal/gpg_key.asc X-Urban-Legend: There is lots of hidden information in headers X-Tillman-rules: yes he does User-Agent: Mutt/1.5.14 (2007-02-12) Subject: Re: Kerberos authenticatino and ldap authorization X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Mar 2007 19:00:35 -0000 On Tue, Mar 06, 2007 at 10:07:57AM -0700, RJ45 wrote: > for example I would like to installa MIT krb5 implementation from ports > instead of using heidmal default this because the kerberos server > on my network is a MIT server and I can't use kadmin on FreeBSD > to administrer the kerberos server remotely using heidmal implementation. > Anyone has experience of MIT krb5 implementation on FreeBSD ? The handbook has a chapter on setting up Kerberos, albeit focused on Heimdal. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kerberos5.html In section 14.8.6 it notes that the kadmin protocol differs between Kerberos implementations -- you have to use the MIT kadmin to administer a remote MIT KDC. Other than the kadmin bits (which are fairly different between the two but isn't used by end-users anyway), it's pretty much transparent to a Kerberos-enabled workstation which implementation it's using. I typically install both (to different paths to avoid file conflicts) because I like using the newest Heimdal rather than the one in base and also because the included client applications differ. For example, MIT has Kerberos rsh whereas the base Heimdal doesn't for some of the platforms that I use. If you run into any specific issues when setting it up, please post back to the list and cc me and I'll give you a hand. -T -- "I once bought a cellphone that had a little sticker on the box that said 'DO NOT EAT PACKAGING MATERIAL'. There went another freebie snack at the office." - A.S.R. quote (Andreas "Buzh" Skau)