FIPS certification

Russ Allbery rra at stanford.edu
Sat Feb 28 00:45:21 EST 2009


Randy Turner <rturner at amalfisystems.com> writes:

> I haven't completely analyzed MIT Kerberos, but I was wondering if it
> would be possible to get the MIT Kerberos subsystem to use the OpenSSL
> crypto API for any cryptographic support needed for Kerberos?

I believe it would be extremely difficult (although maybe someone has made
changes on this front and I've missed them).  If you want Kerberos
libraries that use OpenSSL crypto, you'll probably find it easier to just
use Heimdal, which already does so, than trying to change MIT Kerberos to
do so.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list