trouble deciding which kerberos flavor

Christopher D. Clausen cclausen at acm.org
Mon Oct 25 17:51:45 EDT 2010


Ken Dreyer <ktdreyer at ktdreyer.com> wrote:
> On Thu, Oct 21, 2010 at 1:10 PM, eric <krb.help at hopevaleufsd.org> wrote:
>> I just want to know any differences that MIT and Heimdal have with each
>> other:
>
> I think someone at the 2010 Kerberos Conference summarized it this way:
>
> MIT is likely to be what your OS vendor ships. Heimdal has more features.

I'd say that depends on the features you want.

Unless my information is out of date, MIT KDCs support policies where you 
can setup groups of principals with different security requirements (like 
say, students, faculty, staff, hosts, services, etc.) and then customize 
password length, strength, expiration and other settings for each of these 
groups.  In Heimdal this needs to be set on each principal which makes it 
really annoying to change after initial account creation.

<<CDC




More information about the Kerberos mailing list