Date: Mon, 28 May 2018 19:30:57 -0500 From: Benjamin Kaduk <kaduk@mit.edu> To: Sean Bruno <sbruno@freebsd.org> Cc: freebsd-arch <freebsd-arch@freebsd.org> Subject: Re: How to update or should we update Kerberos Message-ID: <20180529003057.GB65175@kduck.kaduk.org> In-Reply-To: <d26a370c-fad0-3340-647d-89a52520cc92@freebsd.org> References: <d26a370c-fad0-3340-647d-89a52520cc92@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--jI8keyz6grp/JLjh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 28, 2018 at 12:49:41PM -0600, Sean Bruno wrote: > https://github.com/heimdal/heimdal/releases >=20 > Since we haven't updated Kerberos for 6 years, I'm curious why we even cy has some WIP in projects/krb5, which at least initially was to switch to MIT krb5 in base (but now may be more ambitious and leave both Heimdal and MIT options). > have it floating around in base. >=20 > I'm ignorant as to what we need it for. It's a great way to simplify the bootstrap process when setting up new machines (in an existing realm environment), in particular, it is used in the FreeBSD cluster. Prior to pkgng's introduction of signed packages, it was the only way for me to securely integrate a new install that did not involve hand-transcribing key material or putting it on removable media. I think the signed-packages situation helps somewhat, but there are definitely still cases where it's useful to have. On the other hand, it's also sometimes frustrating when it's 6-year-old code and I also want to be in an MIT krb5 environment. But I hope that cy will continue with the project branch and we'll get an update "soon". -Ben --jI8keyz6grp/JLjh Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQG3BAABCgAdFiEE2WGV4E2ARf9BYP0XKNmm82TrdRIFAlsMnzYACgkQKNmm82Tr dRITqwwgjD6UspRytOlHGOKWn0QTysW/YgnJQ6jvZi4lVfKmmG95QqmgtZI/A5g8 WcKwkBNGlTWGD9i+QXPmvnKLjkwIB1tUey/3CYP2GVRuiFqiI0aJBirSoMvAZEUO IIo0mAVMT6MzY8szuKWnuh6pU+2c0oUKqASy3TZ28manwOSU0b6Ylh5YXJslbSpV EeMGa2VApFfVk1E/E3Lro7RytFziMMLX7oy4PscelP6Tj+YxrOoQ1QlGvea2XGHQ 99bEKm04Ilmu4WAmvexKdVpdJ5CGTNpZD9TqAerTmDSGY7IH+vMFQyrzc8oWIIuS U/x07Ghnjjq/AERt2hWNPDd1Wn25sVvluCMssdkg6qrFN7ZFBbc02b5wgNGVFRnk ufPOlZoT04bwrjng6bAwXmTw0jZb660pK90EUwNahp1ubiiGxn522Wgu9KX9ti7y dWSpGedBSVCBEH84JVU6bk7yquGuJw7xh8fMNuSFCHSwwXOr3vs2B9RIjVsXFvLQ MYq/DLcxWYG1dQ== =3nZb -----END PGP SIGNATURE----- --jI8keyz6grp/JLjh--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180529003057.GB65175>