From owner-freebsd-security@FreeBSD.ORG Thu Sep 9 09:58:49 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6B44E10656B1 for ; Thu, 9 Sep 2010 09:58:49 +0000 (UTC) (envelope-from john.marshall@riverwillow.com.au) Received: from mail1.riverwillow.net.au (mail1.riverwillow.net.au [203.58.93.36]) by mx1.freebsd.org (Postfix) with ESMTP id DC3168FC14 for ; Thu, 9 Sep 2010 09:58:48 +0000 (UTC) Received: from rwpc12.mby.riverwillow.net.au (rwpc12.mby.riverwillow.net.au [172.25.24.193]) (authenticated bits=0) by mail1.riverwillow.net.au (8.14.4/8.14.4) with ESMTP id o899hf0K070817 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 9 Sep 2010 19:43:42 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=riverwillow.com.au; s=m1001; t=1284025422; bh=nClqd6bzqlq2uIZ24yFIZ3L4pJbljIYPfYmst+v8KlM=; h=Date:From:To:Cc:Subject:Message-ID:References:Mime-Version: Content-Type:In-Reply-To; b=0AXnZCcy5mVstPsWRWKXph3fxYJbB10Mbf/RDkwg0wZNyN3NfMmUi8fn+SGFOyS8h UloVnNyZDEDhDCQMCof0Wuc1ibxov3hChGoz3mUtDe5qebJcc3XKYPsi4w42wNB6+P XkXQZDRBjv2lQnKWN6wvC1de1JzSdvURnGfj8tXA= Received: from rwpc12.mby.riverwillow.net.au (localhost [127.0.0.1]) by rwpc12.mby.riverwillow.net.au (8.14.4/8.14.4) with ESMTP id o899hfJp024244; Thu, 9 Sep 2010 19:43:41 +1000 (AEST) (envelope-from john.marshall@riverwillow.com.au) Received: (from john@localhost) by rwpc12.mby.riverwillow.net.au (8.14.4/8.14.4/Submit) id o899hfpT024243; Thu, 9 Sep 2010 19:43:41 +1000 (AEST) (envelope-from john) Date: Thu, 9 Sep 2010 19:43:41 +1000 From: John Marshall To: "Jason C. Wells" Message-ID: <20100909094341.GI16882@rwpc12.mby.riverwillow.net.au> References: <4C884E33.8090709@speakeasy.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="eRtJSFbw+EEWtPj3" Content-Disposition: inline In-Reply-To: <4C884E33.8090709@speakeasy.net> User-Agent: Mutt/1.4.2.3i OpenPGP: id=A29A84A2 Cc: freebsd-security@freebsd.org Subject: Re: 8.1 Heimdal KDC X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Sep 2010 09:58:49 -0000 --eRtJSFbw+EEWtPj3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, 08 Sep 2010, 20:02 -0700, Jason C. Wells wrote: > Could somebody please confirm that they are actually using 8.1-R with=20 > heimdal as a KDC successfully? A little confirmation would help me great= ly. I have 8.1-RELEASE running (base system) KDC's on three servers here. The master uses hprop to replicate to the slaves. The version of Heimdal on 8.1-RELEASE is Heimdal 1.1.0 Not all of the Heimdal man pages are installed on FreeBSD. I have found that hunting through man pages under /usr/src/crypto/heimdal helped me with compatibility issues between the Heimdal implementations on FreeBSD 7.n (Heimdal 0.6.3) and FreeBSD 8.n (Heimdal 1.1.0) - particularly the COMPATIBILITY section in /usr/src/crypto/heimdal/lib/gssapi/gssapi.3 --=20 John Marshall --eRtJSFbw+EEWtPj3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iEYEARECAAYFAkyIrE0ACgkQw/tAaKKahKIRbACfajVcxxjeAHh+ONtmw42O9a0/ WyYAoKxlRz1Tpa2Vmv+Mg3jus+28aVc9 =5oUg -----END PGP SIGNATURE----- --eRtJSFbw+EEWtPj3--