
Re: why heimdal over MIT?

Frank Cusack writes: 

> For those of you running heimdal, why did you select it over MIT? 

Well, here are my reasons, for what they're worth:

* Heimdal and KTH-KRB are made in Europe and as such I'm more comfortable
with them. The export restrictions and the questions asked when trying to 
download the MIT server from Portugal are by themselves a good reason to use 

* As regards AFS, Heimdal is IMHO better integrated: the afs token is
automatically delivered on kinit, as the ftp/telnet daemons are aware of the 
tokens. I never did solve the problem of ftp'ing into an AFS dir with MIT 
servers. Add to that ka-server emulation and the AFS support is indeed very 

* On the whole there aren't many differences between the MIT Krb5 and
Heimdal, but I tend to prefer Heimdal's kadmin interface, for example. 

* Heimdal seems to be more flexible in integrating new ideas (e.g. LDAP 
backend), but this could be just my overall impression and not the absolute 

All in all I'm very pleased to work with Heimdal and KTH-KRB. MIT Krb5 is of 
course also very good, so it is a matter of personal preference between 

> I am specifically interested in knowing if MIT supports PK-INIT,
> and if heimdal supports use of DNS SRV records.

IIRC the PKINIT stuff was still in draft, but it could now be
implemented, I don't know. Heimdal does support DNS SRV records.