[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: why heimdal over MIT?

To: fcusack@fcusack.com
Subject: Re: why heimdal over MIT?
From: Luke Howard <lukeh@PADL.COM>
Date: Fri, 14 Mar 2003 23:40:55 +1100
Cc: heimdal-discuss@sics.se
Organization: PADL Software Pty Ltd
Reply-To: lukeh@PADL.COM
Sender: owner-heimdal-discuss@sics.se
Versions: dmail (bsd44) 2.4c/makemail 2.9d


>For those of you running heimdal, why did you select it over MIT?

We chose to use Heimdal as the basis for our proprietary authentication
server for a number of reasons, including:

  o a history of using Heimdal from before MIT was exportable (we're
    in Australia)

  o a well abstracted backend architecture that eased the implementation
    of directory server-based backends

  o an ASN.1 compiler that eased the implementation of extensions (for
    example, RFC 3244)

  o support for MD4 passwords (I know MIT has this now)

Of course, none of these things may matter to you...

>I am specifically intersted in knowing if MIT supports PK-INIT,
>and if heimdal supports use of DNS SRV records.

I believe Heimdal does support DNS SRV records for KDC location. I
am not aware of any PKINIT support for MIT but there are patches for
Heimdal to support this.

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com

Prev by Date: Re: why heimdal over MIT?
Next by Date: Re: More, re: Heimdal compatibility with MIT Krb 4
Prev by thread: Re: why heimdal over MIT?
Next by thread: kinit and old credentials
Index(es):
- Date
- Thread