Results from my request for testimonials
In the event that you have to convince your management that this
software from Sweden is safe to use, the following may be helpful. ;-)
OTOH if you are trying to decide whether to use MIT, Heimdal, or some
other Kerberos software that's a different question. My opinion is
that there are several good implementations and which is best depends
on what unique characteristics you need/want. In my case AFS is the
biggest application and the fact that KTH also makes AFS software
matters.
Begin forwarded message:
> Subject: K5 Upgrade CDR RFA 5
>
> Is this an adequate response to your RFA?
>
> RFA 5
>
> Assess the risk associated with the Kerberos v5 implementation based
> on the age and others’ experience base with the software.
>
> Recommended Action
>
> Research and make assessment, identify mitigation if possible.
>
> Response:
>
> It's acknowledged that Heimdal is neither as old nor as widely
> deployed as the MIT implementation of Kerberos 5. Heimdal was started
> in 1997, and has been deployed at KTH in Sweden since 2000. It
> replaced MIT Kerberos 4 as the bundled Kerberos implementation for
> NetBSD slightly before that. I wouldn't have recommended it if I
> didn't think it could do the job.
>
> While there are a number of institutions using it, there may not be
> very many with as many principals as we have (about 14,000).
>
> KTH.SE (where Heimdal was developed) has more than 27,000 principals
> spread over 4 realms.
>
> SU.SE (Stockholm University) "should be somewhere in the 10-30k range."
>
> COM.MX "We have a heimdal 0.6 server in a commercial application
> (just released in January this year) with an OpenLDAP Backend tested
> with 10000 users but we hope 50000 this year."
>
> CMU.EDU "Our clients have used heimdal-0.4e in production since
> sometime in 2001.
>
> We upgraded our KDC's last fall from an old MIT version to Heimdal 0.6
> plus a few local modifications. There were about 20000 principals in
> the database at that time; today we have about 21000 of which 14000
> are unexpired; those are about evenly split between services, users,
> and alternate (non-null) instances.
>
> The master KDC handles on the order of 3-6 requests/sec (depending on
> time of day); we expect that on current hardware it ought to be able
> to handle a lot more. We have never seen a problem.
>
> -- Jeff" [Jeffrey Hutzelman is co-chair of the IETF Kerberos Working
> Group]
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu