[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 2 questions
On Jun 22, 2007, at 3:39 AM, Wolfgang Gehrke wrote:
> Hello list,
>
> after using MIT Kerberos I am new to Heimdal Kerberos and would
> like to ask one rather practical and another rather theoretical
> question:
>
> 1) Which configuration information has priority: the one provided
> by DNS or the one from the local configuration file /etc/krb5.conf
> (I got some strange effects with a fresh Heimdal test installation
> in the context of a different MIT production installation)?
Config file.
> 2) Does the recent Heimdal 0.8.1 implementation of pk-init take
> care of the issues raised in "Breaking and Fixing Public-Key
> Kerberos" (I. Cervesato, A.D. Jaggard, A. Scedrov, J.-K. Tsay, and
> C. Walstad) which resulted in the latest IETF draft?
Pretty sure it does the right thing as long as you don't configure MS
backward compatibility.
> This pkinit extension comes very handy e.g. wishing to combine the
> Kerberos related AFS file service and grid computing with key/
> certificate based authentication.
You know that 0.8.x also does KX509 to go the other direction.
> Thank you very much for your work,
> Wolfgang Gehrke
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
- References:
- 2 questions
- From: Wolfgang Gehrke <wgehrke@dia.uniroma3.it>