Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 6 Mar 2007 13:00:34 -0600
From:      Tillman Hodgson <tillman@seekingfire.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Kerberos authenticatino and ldap authorization
Message-ID:  <20070306190034.GA21811@seekingfire.com>
In-Reply-To: <Pine.LNX.4.61.0703061004250.5931@slacknet.com>
References:  <Pine.LNX.4.61.0703061004250.5931@slacknet.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Mar 06, 2007 at 10:07:57AM -0700, RJ45 wrote:
> for example I would like to installa MIT krb5 implementation from ports 
> instead of using heidmal default this because the kerberos server
> on my network is a MIT server and I can't use kadmin on FreeBSD
> to administrer the kerberos server remotely using heidmal implementation.
> Anyone has experience of MIT krb5 implementation on FreeBSD ?

The handbook has a chapter on setting up Kerberos, albeit focused on Heimdal.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kerberos5.html

In section 14.8.6 it notes that the kadmin protocol differs between
Kerberos implementations -- you have to use the MIT kadmin to administer
a remote MIT KDC.

Other than the kadmin bits (which are fairly different between the two
but isn't used by end-users anyway), it's pretty much transparent to a
Kerberos-enabled workstation which implementation it's using. I
typically install both (to different paths to avoid file conflicts)
because I like using the newest Heimdal rather than the one in base and
also because the included client applications differ. For example, MIT
has Kerberos rsh whereas the base Heimdal doesn't for some of the
platforms that I use.

If you run into any specific issues when setting it up, please post back
to the list and cc me and I'll give you a hand.

-T


-- 
"I once bought a cellphone that had a little sticker on the box that said
 'DO NOT EAT PACKAGING MATERIAL'. There went another freebie snack at the
  office."
    - A.S.R. quote (Andreas "Buzh" Skau)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070306190034.GA21811>