[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Since Fedora is not aimed at enterpise/business ..



On Wed, 2003-10-01 at 13:11, Havoc Pennington wrote:
> On Wed, 2003-10-01 at 09:54, Bill Anderson wrote:
> > Does this mean we can now stop requiring kerberos in everything that can
> > have it required? I submit that the vast majority of Fedora target
> > "market"will not ever need krb in Fedora. Can we please make this
> > change? In the past the answer has always been "well enterprises and
> > medium sized businesses may need it". Well, they can buy RHEL now. 
> > 
> > Please let Fedora Core return to the non
> > massive-network-might-need-any-and-all-auth-options-so-we-build-them-all-in days.
> 
> My view is the opposite, we need to be making single sign on more
> pervasive and more "just working"; it's an essential part of easy-to-use
> secure-out-of-the-box.
> 
> _All_ apps that do authentication should work with Kerberos, out of the
> box. Mail clients, IMAP server, LDAP server, printing, Nautilus doing
> file transfer, thin client setup, X remote display, everything.
> 
> Or if not Kerberos then some other equivalent technology, but Kerberos
> seems like the obvious choice. Pick one thing and make it work well and
> work everywhere.
> 

We are using GSSAPI which I think is a strata above Kerberos, but
possibly could be used in many other things. I have been told by both
the clustering and applications teams that they prefer using it over
straight Kerberos. I will say that I am just a layman here.. I am only
1/10th through the new Kerberos O'Reilly book and also various
Cryptography books. 

-- 
Stephen John Smoogen		smoogen lanl gov
Los Alamos National Lab  CCN-5 Sched 5/40  PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S  Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]