suggestion: move krb5 daemons to krb5-daemons subpackage
Alexander Boström
abo at kth.se
Tue Nov 23 22:57:44 UTC 2004
tis 2004-11-23 klockan 23:36 +0100 skrev Enrico Scholz:
> sopwith at redhat.com (Elliot Lee) writes:
>
> > kshd/klogind are fully encrypted if set up correctly. They're also a
> > lot faster than ssh.
>
> Setting up krb5 correctly without virtualization technology (e.g. vserver)
> or much money for extra hardware and powersupply is nearly impossible...
> Else, you will have only trouble with hostname vs. DNS name conflicts
> and/or multi-homed hosts.
Arguing that Kerberos is useless/unusable/broken/whatever is futile.
It's not. It also cannot be replaced with SSH. (Extending SSH to support
Kerberos is a good idea though.)
> The shipped KRB5 implementation misses features like replication or support
> for renaming of principals; and the rest of the system misses krb5 support
> completely (cups, w3m, svn), nobody cares about it (e.g. no SPNEGO support
> in firefox because missing buildrequires) or its implementation is not
> well-thought (e.g. login for local accounts fails when network is down).
Yes, this should be fixable. I'm mostly interested in Firefox and CUPS.
Are there bug reports already or should they be filed?
> ssh is much easier to use and provides neat features like encryption of
> X11 connections.
Heimdal has secure X11 forwarding.
/abo
More information about the fedora-devel-list
mailing list