[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A few questions about implementing a KDC for OpenAFS



>>> 1. Which is the better choice from the point of view of a Kerberos
>>> authentication mechanism that fully integrates with OpenAFS (I will
>>> be using Debian Sarge) - MIT or Heimdal ?
>>
>> I don't know, and my answer would biased in any case :-)
>
>If AFS is your priority then use Heimdal.  If you care about "hard"  
>security features like replay caching and password history then use  
>MIT.  (Yeah that's way oversimplified.)

You can have your cake and eat it too, if you really want to.  E.g., you
could use Heimdal on your KDC (where it has much better AFS integration)
but you could use MIT on your application servers (where it actually does
replay caching).

--Ken