Re: why heimdal over MIT?

[fsmunoz@gesal.org]

Frank Cusack writes: 

> For those of you running heimdal, why did you select it over MIT? 
> 

Well, here are my reasons for what they worth: 

* Heimdal and KTH-KRB are made in Europe and  as such I'm more comfortable 
with them. The export restrictions and the questions asked when trying to 
download the MIT server from Portugal are by themselves a good reason to use 
Heimdal 

* In what regards AFS Heimdal is IMHO better integrated: the afs token is 
automatically delivered on kinit, as the ftp/telnet daemons are aware of the 
tokens. I never did solve the problem of ftp'ing into an AFS dir with MIT 
servers. Add to that ka-server emulation and the AFS support is indeed very 
transparent. 

* In the whole that aren't many differences between the MIT Krb5 and 
Heimdal, but I tend to prefer Heimdal's kadmin interface, for example. 

* Heimdal seems to be more flexible in integrating new ideas (e.g. LDAP 
backend), but this could be just my overall impression and not the absolute 
truth. 

All in all I'm very pleased to work with Heimdal and KTH-KRB. MIT Krb5 is of 
course also very good, so it is a matter of personal preference between 
them. 


> I am specifically intersted in knowing if MIT supports PK-INIT,
> and if heimdal supports use of DNS SRV records.

IIRC the PKINIT stuff was still in draft, but it could be now be 
implemented, I don't know. Heimdal does support DNS SRV records. 

cheers, 

fsmunoz