[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: why heimdal over MIT?

>For those of you running heimdal, why did you select it over MIT?

We chose to use Heimdal as the basis for our proprietary authentication
server for a number of reasons, including:

  o a history of using Heimdal from before MIT was exportable (we're
    in Australia)

  o a well abstracted backend architecture that eased the implementation
    of directory server-based backends

  o an ASN.1 compiler that eased the implementation of extensions (for
    example, RFC 3244)

  o support for MD4 passwords (I know MIT has this now)

Of course, none of these things may matter to you...

>I am specifically intersted in knowing if MIT supports PK-INIT,
>and if heimdal supports use of DNS SRV records.

I believe Heimdal does support DNS SRV records for KDC location. I
am not aware of any PKINIT support for MIT but there are patches for
Heimdal to support this.

-- Luke

Luke Howard | PADL Software Pty Ltd | www.padl.com