What version next?

Shumon Huque shuque at isc.upenn.edu
Thu Mar 1 12:35:50 EST 2007


On Thu, Mar 01, 2007 at 06:10:21PM +0100, Turbo Fredriksson wrote:
> Quoting Andreas Hasenack <ahasenack at terra.com.br>:
> 
> > On Thu, Mar 01, 2007 at 12:01:33PM +0100, Turbo Fredriksson wrote:
> >> I'm currently running (happily!) 1.4.4 but I was wondering
> >> if 1.6 is something for me (i.e. my live servers)?
> >> 
> >> What's so new and cool, I just HAVE to upgrade? I have a
> >> little spare time right now so... :)
> >
> > It's worth it if you want to learn about the new LDAP backend. It opens
> > up many possibilities.
> 
> Actually I would, but I bought the reasoning a(bout) a year
> ago that this was a 'bad thing'...

I think it depends.

If the intention is to allow various application services to
retrieve Kerberos keys over LDAP directly so that they can
perform password verification ("LDAP Authentication"), then I
think it's bad. We wouldn't do that at our site.

If the intention is to use LDAP to securely replicate the
Kerberos database across multiple KDCs in real time, or to
use it as a (Kerberos authenticated) administration protocol, 
then I think that's a good thing. And we'd probably look into 
using it.

--Shumon.


