[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)

To: openldap-software@OpenLDAP.org
Subject: Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)
From: Donn Cave <donn@u.washington.edu>
Date: Thu, 29 Jul 2004 09:47:04 -0700
In-reply-to: <Pine.LNX.4.58.0407290820350.2919@ybpnyubfg.ybpnyqbznva>

On Thursday, July 29, 2004, at 05:21 AM, Frank Swasey wrote:

On Wed, 28 Jul 2004 at 3:40pm, Donn Cave wrote:

How long do you
think it will take before every site where Redhat Linux is deployed
will have the latest krb5, for example?


Uhm.... about as long as it will take them to get the updated
cyrus-sasl...

And if the admin is building cyrus-sasl from source, then why wouldn't
they also build MIT Kerberos from source?


Well, there are a handful of issues that go into answering
that question, things like the degree to which these components
are respectively integrated into other unrelated applications,
how useful the vendor-suppplied configurations may be, etc.
Different for everyone, I suppose.

I believe that sites where OpenLDAP is going to be deployed with
secure authentication including GSSAPI will often take on their
own cyrus-sasl build but want to leave krb5 alone, so it's going
to be a huge step forward from today where they have to build Heimdal.
I can't prove it, but I guess it doesn't matter a whole lot what
I think anyway!

	Donn Cave, donn@u.washington.edu

References:
- Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)
  - From: Frank Swasey <Frank.Swasey@uvm.edu>

Prev by Date: slurpd setup - No Replication, but it's all in place...
Next by Date: Re: only Kerberos authentication
Index(es):
- Chronological
- Thread