[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: suggestion: move krb5 daemons to krb5-daemons subpackage



tis 2004-11-23 klockan 23:36 +0100 skrev Enrico Scholz:
> sopwith redhat com (Elliot Lee) writes:
> 
> > kshd/klogind are fully encrypted if set up correctly. They're also a
> > lot faster than ssh.
> 
> Setting up krb5 correctly without virtualization technology (e.g. vserver)
> or much money for extra hardware and powersupply is nearly impossible...
> Else, you will have only trouble with hostname vs. DNS name conflicts
> and/or multi-homed hosts.

Arguing that Kerberos is useless/unusable/broken/whatever is futile.
It's not. It also cannot be replaced with SSH. (Extending SSH to support
Kerberos is a good idea though.)

> The shipped KRB5 implementation misses features like replication or support
> for renaming of principals; and the rest of the system misses krb5 support
> completely (cups, w3m, svn), nobody cares about it (e.g. no SPNEGO support
> in firefox because missing buildrequires) or its implementation is not
> well-thought (e.g. login for local accounts fails when network is down).

Yes, this should be fixable. I'm mostly interested in Firefox and CUPS.
Are there bug reports already or should they be filed?

> ssh is much easier to use and provides neat features like encryption of
> X11 connections.

Heimdal has secure X11 forwarding.

/abo



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]