Single sign-on infrastructure (FC5 wish)
Bernardo Innocenti
bernie at develer.com
Thu Jun 23 00:43:43 UTC 2005
Mike MacCana wrote:
> On Tue, 2005-06-21 at 10:11 -0500, Jason L Tibbitts III wrote:
>
>>A single replication infrastructure. I use the MIT KDC because it's
>>what Red Hat happens to ship, but I'd much rather have everything in
>>LDAP instead of having two separate systems to configure and maintain.
>
> So Heimdal can use an LDAP data store? Sweet. Thanks so much for your
> post.
Works fine here, except Heimdal keeps creating its krb5Principal
under the root node instead of folding them into ou=KerberosPrincipals
as I told in the config file.
> I've wanted MIT krb5 to do this (in a non hacky way) for ages.
Novell says they've contributed this to MIT, but I can't
see it in their CVS repository yet.
> Can Heimdal do Kerberos over TCP, and does it support MS specific
> encryption types, like MIT Kerberos does?
A quick check with netstat appears to confirm it also
listens to TCP ports.
MS encryptation support is the main reason I switched to
Heimdal. I thought MIT still refused to add Microsoft's
"extensions" for ethical reasons... I'm surprised to hear
they're now implemented.
But what I like the most about Heimdal is that kadmin
uses readline for proper history and line editing support.
and also uses nicer names for commands :-)
--
// Bernardo Innocenti - Develer S.r.l., R&D dept.
\X/ http://www.develer.com/
More information about the devel
mailing list