Kerberos Integration (Was: Fedora Crypto Consolidation Project)

Nicolas Mailhot nicolas.mailhot at
Sat Sep 1 09:08:41 UTC 2007

Le samedi 01 septembre 2007 à 07:53 +0200, Alexander Boström a écrit :
> This reminds me...
> I've been meaning to propose a Better Kerberos Integration Project. Is
> there anyone else out there who's dissatisfied with the lack of simple
> and pervasive integration and support for Kerberos in the free operating
> systems, applications and protocols?

IMHO kerberos app support is the wrong level to tackle.

We all know active directory is just kerberos+ldap, we've been shipping
kerberos & ldap infrastructure for years (and the fedora directory
server is supposed to be even better), and yet somehow few (if any) ever
use it.

Contrast it with the widely reviled active directory infrastructure
every windows user just uses by default.

Making kerberos+ldap a breeze to setup should be the priority. Once
there users will pressure app writers themselves to get kerberos support
built-in (and Red Hat has erred spending many years maintaining its own
kerberized forks and ignoring the setup problem).

This BTW would also kill all the poor man ldap clones app writers are so
fond of (because it's easier writting your own contact db implementation
than explaining to users how to setup an actual ldap server)

Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <>

More information about the fedora-devel-list mailing list