Date: Mon, 5 May 2003 07:10:50 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Doug Barton <DougB@FreeBSD.org>
Cc: Mark Murray <mark@grondar.org>
Subject: Re: HEADS UP! Kerberos5/Heimdal now default!
Message-ID: <20030505121050.GC21530@madman.celabo.org>
In-Reply-To: <20030505020008.V1391@znfgre.qbhto.arg>
References: <200305050845.h458j38c069038@grimreaper.grondar.org> <20030505020008.V1391@znfgre.qbhto.arg>

On Mon, May 05, 2003 at 02:02:41AM -0700, Doug Barton wrote:
> I have to object to this change of direction. Both on POLA grounds, and on
> the grounds that because most people don't use kerberos, it shouldn't be
> the default. I also think that given the historical propensity of kerberos
> to be vulnerable to attack, it definitely shouldn't be included by
> default.

Actually, I think we've now fixed POLA issues ... previously we
installed the Kerberos bits by default, but did not rebuild them when
the rest of the system was updated.  Other OSes that supply Kerberos
directly come with those bits by default.

I do not think that whether or not `most people' use a part of the
system is the only (or most important) criterion in determining whether
or not to build or not build that part of the system by default.

To what `historical propensity' are you referring?  I intend this as
an honest question.  We include software in the base system that most
definitely has a poor security track record, but I don't think that
Kerberos 5 gets any distinction in this regard.

Cheers,
-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se