[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

2 questions

To: heimdal-discuss@sics.se
Subject: 2 questions
From: Wolfgang Gehrke <wgehrke@dia.uniroma3.it>
Date: Fri, 22 Jun 2007 12:39:11 +0200
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Organization: University Roma Tre
Reply-To: heimdal-discuss@sics.se, Wolfgang Gehrke <wgehrke@dia.uniroma3.it>
User-Agent: Icedove 1.5.0.12 (X11/20070607)

Hello list,

after using MIT Kerberos I am new to Heimdal Kerberos and would like to 
ask one rather practical and another rather theoretical question:

1) Which configuration information has priority: the one provided by DNS 
or the one from the local configuration file /etc/krb5.conf (I got some 
strange effects with a fresh Heimdal test installation in the context of 
a different MIT production installation)?

2) Does the recent Heimdal 0.8.1 implementation of pk-init take care of 
the issues raised in "Breaking and Fixing Public-Key Kerberos" (I. 
Cervesato, A.D. Jaggard, A. Scedrov, J.-K. Tsay, and C. Walstad) which 
resulted in the latest IETF draft?

This pkinit extension comes very handy e.g. wishing to combine the 
Kerberos related AFS file service and grid computing with 
key/certificate based authentication.

Thank you very much for your work,
Wolfgang Gehrke

Follow-Ups:
- Re: 2 questions
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: 2 questions
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: KRB5KRB_AP_ERR_MODIFIED during protocol transition
Next by Date: Re: 2 questions
Prev by thread: Re: heimdal 0.8.1 troubles
Next by thread: Re: 2 questions
Index(es):
- Date
- Thread