Kerberos for Windows 3.2.3-alpha and Network Identity Manager 2.0
Jeffrey Altman
jaltman at secure-endpoints.com
Mon Nov 15 16:27:24 EST 2010
On 11/12/2010 6:34 PM, petesea at bigfoot.com wrote:
> I have a few questions about the new Kerberos for Windows (KfW) on MIT's
> website and the new Network Identity Manager (NIM) on Secure Endpoints
> website.
>
> - What's different between KfW-3.2.2 and KfW-3.2.3.alpha on MIT's website?
> Are there any release notes for 3.2.3.alpha?
I can't say exactly what is in 3.2.3-alpha but I believe it is simply a
rebuild with 64-bit binaries and a
small number of krb5 security updates that were committed to the 1.6
branch at the time.
>
> - At the end of the KfW-3.2.3.alpha install, there's a question:
>
> Ensure that the Kerberos tickets are available throughout the Windows
> login session
>
> What does this mean?
This sounds like "auto renewal". I'm not sure what changes to the
installer may have been made by MIT.
> And how is this setting configured? I couldn't find
> a difference in what was installed or in the registry depending on if this
> was enabled or not.
>
> - Exactly how "alpha" is 3.2.3? Based on the dates here:
>
> http://web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.3-alpha1/
>
> It looks like it's been on the website for almost 1.5 years, which seems
> like quite a while... are there plans to release this at some point?
MIT?
>
> - Does 3.2.3 include the new NIM 2.0 from Secure Endpoints website?
No. Secure Enpoints has requested that MIT either update to the latest
NetIdMgr code base which is available from
https://github.com/secure-endpoints/netidmgr
or pull it from the KFW installers. The version of NetIdMgr in 3.2.3
alpha from MIT is 1.3.1.
>
> - Can NIM 2.0 (from Secure Endpoints) be installed over top KfW
> 3.2.3.alpha? And if so, is it a wise thing to do?
Yes it can be. The NetIdMgr module in the MIT 3.2.3 installer is the
same as 3.2.2 and it will be upgraded to 2.0 by the latest Secure
Endpoints NetIdMgr installer.
Secure Endpoints will be releasing in the coming days a Secure Endpoints
KFW package called 3.2.3 which is the MIT KFW distribution minus
NetIdMgr. There are improvements to the installer package so that on
64-bit systems both the 32-bit and 64-bit libraries are installed in one
installer.
Secure Endpoints will also be announcing NetIdMgr 2.1 which is built
using the Heimdal Kerberos compatibility SDK:
https://github.com/secure-endpoints/heimdal-krbcompat
NetIdMgr 2.1 will work seamlessly with both KFW 3.2.x and Heimdal 1.4.1.
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20101115/e2fe30ce/attachment.bin
More information about the Kerberos
mailing list