Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Sep 2008 08:34:08 +0200
From:      Gunnar Flygt <flygt@sr.se>
To:        Mike Tancsa <mike@sentex.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Heimdal or MIT for kerberos?
Message-ID:  <20080910063408.GA99970@sr.se>
In-Reply-To: <200809071155.m87BtS2H082832@lava.sentex.ca>
References:  <200809071155.m87BtS2H082832@lava.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
I'm very pleased with heimdal 1.1. I compile it from sources. No big
problem. Compile on one machine and copy the file structure to the other
at the same OS level. Then using openssh-gssapi-overwrite-base-5.0.p1,1
with the KRB5_HOME flag set to the directory of heimdal. Same thing
there, compile and make a package on one machine. The KDC's run FreeBSD
7 and the same release of heimdal as the others.


On Sun, Sep 07, 2008 at 07:55:26AM -0400, Mike Tancsa wrote:
> We are looking at deploying Kerberos for better user management (SSO) 
> and 2 factor authentication via pkcs#11 etokens.  The servers are all 
> FreeBSD and the machines principals will login from a mix of FreeBSD, 
> Windows and MAC OSX using ssh and openvpn.  As part of our compliance 
> project, access must be 2 factor.  The Heimdal in RELENG_7 is a 
> rather old version and doesnt seem to have all the bits needed for 
> x509 pre-auth so I would probably need to install from the ports 
> anyways.   Does anyone have any suggestions as to which 
> implementation to use ? We are in Canada so it doesnt matter 
> regulation wise. Is one better maintained than the other ?  There are 
> no legacy v4 apps
> Thanks,
> 
>         ---Mike
> 
> --------------------------------------------------------------------
> Mike Tancsa,                                      tel +1 519 651 3400
> Sentex Communications,                            mike@sentex.net
> Providing Internet since 1994                    www.sentex.net
> Cambridge, Ontario Canada                         www.sentex.net/mike
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080910063408.GA99970>