[32905] in Kerberos
Re: Kerberos for Windows 3.2.3-alpha and Network Identity Manager 2.0
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Mon Nov 15 16:27:39 2010
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: kerberos@MIT.EDU
Message-ID: <4CE1A5BC.9070509@secure-endpoints.com>
Date: Mon, 15 Nov 2010 16:27:24 -0500
From: Jeffrey Altman <jaltman@secure-endpoints.com>
MIME-Version: 1.0
To: petesea@bigfoot.com
In-Reply-To: <alpine.OSX.2.00.1011111456070.725@nikto-air>
Cc: kerberos@mit.edu
Reply-To: jaltman@secure-endpoints.com
Content-Type: multipart/mixed; boundary="===============0481964119=="
Errors-To: kerberos-bounces@mit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============0481964119==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig38DAA69870D41284594A57FE"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig38DAA69870D41284594A57FE
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 11/12/2010 6:34 PM, petesea@bigfoot.com wrote:
> I have a few questions about the new Kerberos for Windows (KfW) on MIT'=
s=20
> website and the new Network Identity Manager (NIM) on Secure Endpoints =
> website.
>
> - What's different between KfW-3.2.2 and KfW-3.2.3.alpha on MIT's websi=
te?=20
> Are there any release notes for 3.2.3.alpha?
I can't say exactly what is in 3.2.3-alpha but I believe it is simply a
rebuild with 64-bit binaries and a
small number of krb5 security updates that were committed to the 1.6
branch at the time.
>
> - At the end of the KfW-3.2.3.alpha install, there's a question:
>
> Ensure that the Kerberos tickets are available throughout the Window=
s
> login session
>
> What does this mean? =20
This sounds like "auto renewal". I'm not sure what changes to the
installer may have been made by MIT.
> And how is this setting configured? I couldn't find=20
> a difference in what was installed or in the registry depending on if t=
his=20
> was enabled or not.
>
> - Exactly how "alpha" is 3.2.3? Based on the dates here:
>
> http://web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.3-alpha1/
>
> It looks like it's been on the website for almost 1.5 years, which seem=
s=20
> like quite a while... are there plans to release this at some point?
MIT?
>
> - Does 3.2.3 include the new NIM 2.0 from Secure Endpoints website?
No. Secure Enpoints has requested that MIT either update to the latest
NetIdMgr code base which is available from
https://github.com/secure-endpoints/netidmgr
or pull it from the KFW installers. The version of NetIdMgr in 3.2.3
alpha from MIT is 1.3.1.
>
> - Can NIM 2.0 (from Secure Endpoints) be installed over top KfW=20
> 3.2.3.alpha? And if so, is it a wise thing to do?
Yes it can be. The NetIdMgr module in the MIT 3.2.3 installer is the
same as 3.2.2 and it will be upgraded to 2.0 by the latest Secure
Endpoints NetIdMgr installer.
Secure Endpoints will be releasing in the coming days a Secure Endpoints
KFW package called 3.2.3 which is the MIT KFW distribution minus
NetIdMgr. There are improvements to the installer package so that on
64-bit systems both the 32-bit and 64-bit libraries are installed in one
installer.
Secure Endpoints will also be announcing NetIdMgr 2.1 which is built
using the Heimdal Kerberos compatibility SDK:
https://github.com/secure-endpoints/heimdal-krbcompat
NetIdMgr 2.1 will work seamlessly with both KFW 3.2.x and Heimdal 1.4.1.
Jeffrey Altman
--------------enig38DAA69870D41284594A57FE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJM4aW+AAoJENxm1CNJffh4j6wIAOPUuSTOASWe99eWVLaNGUNd
WWUIXDLiPAW5pp0XeKRrYj384ytjxTJBeZMnFqyps+bV/jbAipKfE3SCFSfos2g4
y4B9Xen5mPtwIcNaqZHNZhYPP8yeAp/W9XyfjOOIuF2tHtX9mXgPvIgBE4/UZTyW
Xrq94A13S8CWFwEstfzI354UtFB11CNyHS7e+sfN2ObY1EJfRSw8tYIEPwelq+96
dP1LajuJT8iL/IgomR10FiBDKV0tCDxT/jsNGPTQzJEt7uHA0zs4V/7kH+CD/W7Z
gdYqKe1kq0WRUN9x7x0l+coxErYlCo9/+XkLC23lzEi9k+BAoF80dcrHL6ycMys=
=sgQx
-----END PGP SIGNATURE-----
--------------enig38DAA69870D41284594A57FE--
--===============0481964119==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0481964119==--
