Spec for Kerberizing Ubuntu
Stephen Shirley
diamond+ubuntu-devel at nonado.net
Thu Jul 14 08:04:22 CDT 2005
dave walker wrote:
> Since the topic of Kerberos has been brought up, I wanted to ask. What
> are the differences between MIT Kerberos, and Heimdal Kerberos? I have
> only administered on MIT Kerberos4 and 5, so don't know what Heimdal is
> like. I am going to assume it is mostly under-the-hood differenced, but
> any one know?
There are a few things. I was over in kth (the technical university in
stockholm) during march, and the heimdal guys i met there convinced me
to switch from mit kerberos ,-) I believe one of the big things is that
it integrates with AFS very nicely (not surprising seeing as kth is also
very much an AFS place).
From my point of view, the fact that i could get win2k/winxp clients
authing against a heimdal kerberos kdc was a big plus (i managed it also
with mit kerberos, but it took a fair bit of work, and the tickets
issued allowed me to log on, but didn't seem to work for anything else;
the heimdal tickets work just fine with kerberized putty
(http://rc.vintela.com/topics/putty/)).
The other big thing for me was the fact that i was able to get
pam_krb5_migrate (http://freshmeat.net/projects/pam_krb5_migrate/)
compiled against heimdal, and have used it to migrate all my users from
pam_unix to kerberos. This is a big win in any scenario where you're
migrating to kerberos from any other auth scheme which uses pam.
Steve
More information about the ubuntu-devel
mailing list