[32841] in Kerberos
Re: trouble deciding which kerberos flavor
daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Mon Oct 25 17:52:01 2010
Message-ID: <DC2ECB22F1424942998D6472BC82C1DA@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: "eric" <krb.help@hopevaleufsd.org>
Date: Mon, 25 Oct 2010 16:51:45 -0500
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Ken Dreyer <ktdreyer@ktdreyer.com> wrote:
> On Thu, Oct 21, 2010 at 1:10 PM, eric <krb.help@hopevaleufsd.org> wrote:
>> I just want to know any differences that MIT and Heimdal have with each
>> other:
>
> I think someone at the 2010 Kerberos Conference summarized it this way:
>
> MIT is likely to be what your OS vendor ships. Heimdal has more features.
I'd say that depends on the features you want.
Unless my information is out of date, MIT KDCs support policies where you
can setup groups of principals with different security requirements (like
say, students, faculty, staff, hosts, services, etc.) and then customize
password length, strength, expiration and other settings for each of these
groups. In Heimdal this needs to be set on each principal which makes it
really annoying to change after initial account creation.
<<CDC
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos