[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A few questions about implementing a KDC for OpenAFS

To: heimdal-discuss@sics.se
Subject: Re: A few questions about implementing a KDC for OpenAFS
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Date: Fri, 27 May 2005 11:12:19 -0400
In-Reply-To: <f585894b294d111f7c796ec7308fe06b@jpl.nasa.gov>
Sender: owner-heimdal-discuss@sics.se

>>> 1. Which is the better choice from the point of view of a Kerberos
>>> authentication mechanism that fully integrates with OpenAFS (I will
>>> be using Debian Sarge) - MIT or Heimdal ?
>>
>> I don't know, and my answer would biased in any case :-)
>
>If AFS is your priority then use Heimdal.  If you care about "hard"  
>security features like replay caching and password history then use  
>MIT.  (Yeah that's way oversimplified.)

You can have your cake and eat it too, if you really want to.  E.g., you
could use Heimdal on your KDC (where it has much better AFS integration)
but you could use MIT on your application servers (where it actually does
replay caching).

--Ken

Prev by Date: Re: A few questions about implementing a KDC for OpenAFS
Next by Date: Re: A few questions about implementing a KDC for OpenAFS
Prev by thread: Re: A few questions about implementing a KDC for OpenAFS
Next by thread: Re: A few questions about implementing a KDC for OpenAFS
Index(es):
- Date
- Thread