[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Since Fedora is not aimed at enterpise/business ..



On Wed, 2003-10-01 at 15:03, Bill Anderson wrote:
> ng able to do secure network-wide single sign-on is a cool feature!
> 
> So is socksified ssh, but we don't get that! I assert that more people
> use/need that than K support. Heck, nearly every single on of us at HPAQ
> need it. Not even runsocks is available unless we go elsewhere. And no,
> Kerberos won't solve that, ;^)

Funny you mention that. I've been thinking about filing an RFE bug about
that very topic.

> I've got networks doing single-sign on using ldap/pam/nss/friends, no K
> needed.

Note that "single-sign on" is not the same as "same password
everywhere".

> "SSH is no replacement for Kerberos"
> Agreed. But then again, you can reverse that statement with no change in
> truth. Kerberos is not a replacement for SSH either.

I disagree. I assert that in an kerberized intranet environment there is
little to no need for SSH.

Modulo all the wacky port-forwarding stuff and connecting to remote
internet sites, Kerberos does provide the main feature of SSH, namely:

* Strong Host authentication
* Strong User authentication and passwordless logins
* Drop-in replacements for r* utilities

> "But Kerberos takes up so little HD space." Fine, so it won't "cost"
> that much to have a set of RPMS that are kerberized, and have it be and
> option.

There are *already* kerberized RPMs for the server components and the
command line utils. Are you arguing about the size of the Evolution 1.4
binary (and others) compiled with GSSAPI support versus not?





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]