atom feed3 messages in org.freebsd.freebsd-securityRe: Heimdal or MIT for kerberos?
FromSent OnAttachments
Mike TancsaSep 7, 2008 4:55 am 
Gunnar FlygtSep 9, 2008 11:34 pm 
Mike TancsaSep 16, 2008 7:34 am 
Subject:Re: Heimdal or MIT for kerberos?
From:Gunnar Flygt (
Date:Sep 9, 2008 11:34:08 pm

I'm very pleased with heimdal 1.1. I compile it from sources. No big problem. Compile on one machine and copy the file structure to the other at the same OS level. Then using openssh-gssapi-overwrite-base-5.0.p1,1 with the KRB5_HOME flag set to the directory of heimdal. Same thing there, compile and make a package on one machine. The KDC's run FreeBSD 7 and the same release of heimdal as the others.

On Sun, Sep 07, 2008 at 07:55:26AM -0400, Mike Tancsa wrote:

We are looking at deploying Kerberos for better user management (SSO) and 2 factor authentication via pkcs#11 etokens. The servers are all FreeBSD and the machines principals will login from a mix of FreeBSD, Windows and MAC OSX using ssh and openvpn. As part of our compliance project, access must be 2 factor. The Heimdal in RELENG_7 is a rather old version and doesnt seem to have all the bits needed for x509 pre-auth so I would probably need to install from the ports anyways. Does anyone have any suggestions as to which implementation to use ? We are in Canada so it doesnt matter regulation wise. Is one better maintained than the other ? There are no legacy v4 apps Thanks,