Date: Wed, 30 Apr 2003 15:17:04 -0400 (EDT) From: Garrett Wollman <wollman@lcs.mit.edu> To: Kris Kennaway <kris@obsecurity.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/release Makefile src/release/scripts crypto-install.sh Message-ID: <200304301917.h3UJH4Yj054706@khavrinen.lcs.mit.edu> In-Reply-To: <20030430181603.GD84302@rot13.obsecurity.org> References: <200304301754.h3UHsJ21004574@repoman.freebsd.org> <20030430181603.GD84302@rot13.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Wed, 30 Apr 2003 11:16:03 -0700, Kris Kennaway <kris@obsecurity.org> said: > Hmm, is it really a good idea to combine crypto and krb5? krb5 is, I > suspect, a rarely-used feature in the wild. ``The wild'' contains lots and lots of Windows Active Directory implementations. For any operation larger than a few dozen hosts, Kerberos is a great deal easier to manage than n^2 SSH key combinations. (This presumes that you have a working version of Kerberized SSH, which at present means OpenSSH 3.4 with the patches.) Even for relatively small installations, the convenience factor can be significant, particularly when integrated with other operating systems infrastructure. -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200304301917.h3UJH4Yj054706>