Problem with setting up Kerberos server
Dennis Davis
D.H.Davis at bath.ac.uk
Mon Dec 1 09:05:58 EST 2003
>To: sam <samwun at hgcbroadband.com>
>References: <bqd3p7$12p9$1 at news.hgc.com.hk>
>From: Sam Hartman <hartmans at mit.edu>
>Date: Mon, 01 Dec 2003 08:37:09 -0500
>cc: kerberos at mit.edu
>Subject: Re: Problem with setting up Kerberos server
>
>>>>>> "sam" == sam <samwun at hgcbroadband.com> writes:
>
> sam> Dear all, I don't know how many of you setup Kerberos in
> sam> OpenBSD. I followed the instruction in OpenBSD website to
> sam> setup kerberos server, but I encountered problem when
> sam> executing the ext_srvtab command:
>
>Those instructions seem to be encouraging you to set up a new Kerberos
>IV realm. You should consider setting up Kerberos V instead.
>Kerberos IV is old, no longer developed and has many security
>problems.
Kerberos IV code has been removed from the latest version of
OpenBSD, OpenBSD3.4 which was released a month ago. Previous
versions of OpenBSD included Kerberos IV code from:
http://www.pdc.kth.se/kth-krb/
But Kerberos V code from:
http://www.pdc.kth.se/heimdal/
has also been present in recent versions of OpenBSD. If you're
starting from scratch, you would be much better forgetting about
Kerberos IV and going to Kerberos V.
>I do not have experience with either version of Kerberos under
>OpenBSD.
MIT's krb5-1.3.1.tar.gz compiles and runs on OpenBSD with just minor
changes to the source. I've adopted the practice of compiling it
with static libraries to avoid namespace clashes with the Kerberos V
libraries from Heimdal. Although workrounds for these clashes are
possible.
More information about the Kerberos
mailing list