[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)

On Thursday, July 29, 2004, at 05:21 AM, Frank Swasey wrote:
On Wed, 28 Jul 2004 at 3:40pm, Donn Cave wrote:

How long do you
think it will take before every site where Redhat Linux is deployed
will have the latest krb5, for example?

Uhm.... about as long as it will take them to get the updated cyrus-sasl...

And if the admin is building cyrus-sasl from source, then why wouldn't
they also build MIT Kerberos from source?

Well, there are a handful of issues that go into answering that question, things like the degree to which these components are respectively integrated into other unrelated applications, how useful the vendor-suppplied configurations may be, etc. Different for everyone, I suppose.

I believe that sites where OpenLDAP is going to be deployed with
secure authentication including GSSAPI will often take on their
own cyrus-sasl build but want to leave krb5 alone, so it's going
to be a huge step forward from today where they have to build Heimdal.
I can't prove it, but I guess it doesn't matter a whole lot what
I think anyway!

	Donn Cave, donn@u.washington.edu