[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2 questions

On Jun 22, 2007, at 3:39 AM, Wolfgang Gehrke wrote:

> Hello list,
> after using MIT Kerberos I am new to Heimdal Kerberos and would  
> like to ask one rather practical and another rather theoretical  
> question:
> 1) Which configuration information has priority: the one provided  
> by DNS or the one from the local configuration file /etc/krb5.conf  
> (I got some strange effects with a fresh Heimdal test installation  
> in the context of a different MIT production installation)?

Config file.

> 2) Does the recent Heimdal 0.8.1 implementation of pk-init take  
> care of the issues raised in "Breaking and Fixing Public-Key  
> Kerberos" (I. Cervesato, A.D. Jaggard, A. Scedrov, J.-K. Tsay, and  
> C. Walstad) which resulted in the latest IETF draft?

Pretty sure it does the right thing as long as you don't configure MS  
backward compatibility.

> This pkinit extension comes very handy e.g. wishing to combine the  
> Kerberos related AFS file service and grid computing with key/ 
> certificate based authentication.

You know that 0.8.x also does KX509 to go the other direction.

> Thank you very much for your work,
> Wolfgang Gehrke

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu