Since Fedora is not aimed at enterprise/business ..

Bill Anderson bill at noreboots.com
Wed Oct 1 21:03:33 UTC 2003


On Wed, 2003-10-01 at 08:23, Elliot Lee wrote:
> On 1 Oct 2003, Bill Anderson wrote:
> 
> > Does this mean we can now stop requiring kerberos in everything that can
> > have it required? I submit that the vast majority of Fedora target
> > "market" will not ever need krb in Fedora. Can we please make this
> > change? In the past the answer has always been "well enterprises and
> > medium sized businesses may need it". Well, they can buy RHEL now.
> > 
> > Please let Fedora Core return to the non
> > massive-network-might-need-any-and-all-auth-options-so-we-build-them-all-in
> > days.
> 
> It's important for Fedora to be a technically featureful OS, and it's not
> clear why it's important to avoid Kerberos dependencies.
> 
> Being able to do secure network-wide single sign-on is a cool feature!

So is socksified ssh, but we don't get that! I assert that more people
use/need that than K support. Heck, nearly every single one of us at HPAQ
need it. Not even runsocks is available unless we go elsewhere. And no,
Kerberos won't solve that, ;^)

I've got networks doing single-sign on using ldap/pam/nss/friends, no K
needed.

As someone mentioned, paraphrasing "setting up/understanding Kerberos is
a nightmare". The tools to make this a reasonable expectation are simply
not there. Until they are, and they work correctly, it will remain "The
Great Evil that lives just outside of scanner range" (mmm Ur-Quan
Masters ;) ). It's kinda funny. With so few exceptions that I can count
them on one hand, I often ask people who say "Oh Kerberos is so awesome
and useful!": "Are you using it?" "Do you know how?" "Do you *need* it?".
The answer to all three is "uhh no".

By then maybe we're just so backward here in the Pacific NW/Rock
Mountain area that our homes aren't filled with dozens of machines
begging for this.

"SSH is no replacement for Kerberos"
Agreed. But then again, you can reverse that statement with no change in
truth. Kerberos is not a replacement for SSH either. They are different
tools for different things. Apples and Oranges. After all can you not
use Kerberos authentication for ssh?


"But Kerberos takes up so little HD space." Fine, so it won't "cost"
that much to have a set of RPMS that are kerberized, and have it be an
option.


Geez, didn't know Kerberos was one of the Sacred Cows of RedHat err I
mean Fedora.

-- 
Bill Anderson
RHCE #807302597505773
bill at noreboots.com







More information about the fedora-devel-list mailing list