Since Fedora is not aimed at enterpise/business ..

[Dax Kelson]

On Wed, 2003-10-01 at 07:54, Bill Anderson wrote:
> Does this mean we can now stop requiring kerberos in everything that can
> have it required? I submit that the vast majority of Fedora target
> "market"will not ever need krb in Fedora. Can we please make this
> change? In the past the answer has always been "well enterprises and
> medium sized businesses may need it". Well, they can buy RHEL now. 
> 
> Please let Fedora Core return to the non
> massive-network-might-need-any-and-all-auth-options-so-we-build-them-all-in days.

Bill, what are your reasons? What concrete problems are you experiencing
with kerberos support being compiled into software?

Sometimes I hear, "but I have SSH, I don't need Kerberos".

SSH narrowly targets (and solves) a single problem. Kerberos, while
having similar goals as SSH, is a all encompassing solution. Ergo, for
all the reasons someone would want SSH in an intra-net environment, they
should also want Kerberos to an even stronger degree.

Kerberos is a very good thing for organizations of all sizes and
personnel of all types: 

For sysadmins:

* Strong user authentication
* Mutual client <-> server authentication (no man-in-the-middle attacks)
* Encrypted replacements for common protocols
* Kernel 2.6 with NFSv4 + Kerberos == No more NFS security/trust issues

For users:

* Single sign on

The nirvana Linux network setup includes the following:

* LDAP directory
* Kerberos Authentication
* Autofs for home directories
* Kerberized NFSv4

Dax Kelson
Guru Labs