Since Fedora is not aimed at enterpise/business ..
Stephen Smoogen
smoogen at lanl.gov
Wed Oct 1 19:21:30 UTC 2003
On Wed, 2003-10-01 at 13:11, Havoc Pennington wrote:
> On Wed, 2003-10-01 at 09:54, Bill Anderson wrote:
> > Does this mean we can now stop requiring kerberos in everything that can
> > have it required? I submit that the vast majority of Fedora target
> > "market"will not ever need krb in Fedora. Can we please make this
> > change? In the past the answer has always been "well enterprises and
> > medium sized businesses may need it". Well, they can buy RHEL now.
> >
> > Please let Fedora Core return to the non
> > massive-network-might-need-any-and-all-auth-options-so-we-build-them-all-in days.
>
> My view is the opposite, we need to be making single sign on more
> pervasive and more "just working"; it's an essential part of easy-to-use
> secure-out-of-the-box.
>
> _All_ apps that do authentication should work with Kerberos, out of the
> box. Mail clients, IMAP server, LDAP server, printing, Nautilus doing
> file transfer, thin client setup, X remote display, everything.
>
> Or if not Kerberos then some other equivalent technology, but Kerberos
> seems like the obvious choice. Pick one thing and make it work well and
> work everywhere.
>
We are using GSSAPI which I think is a strata above Kerberos, but
possibly could be used in many other things. I have been told by both
the clustering and applications teams that they prefer using it over
straight Kerberos. I will say that I am just a layman here.. I am only
1/10th through the new Kerberos O'Reilly book and also various
Cryptography books.
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Lab CCN-5 Sched 5/40 PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --
More information about the fedora-devel-list
mailing list