On Mon, Feb 10, 2014 at 6:43 PM, Paul Robert Marino <[log in to unmask]> wrote:
>
> Most of the reason they left the AD stuff out is they are still tinkering
> with MIT Kerberos V server.
> They refuse to migrate to Heimdal the AD stuff in samba AD includes an
> embedded Heimdal Kerberos V server because the MIT version is common but
> doesn't quite cut it yet.
> I personally always use Heimdal when I create a Kerberos server because its
> more robust and plays nice with others because it complies with most of the
> RFC's. MIT Kerberos is close but its not quite there and has a lot of
> historical issues.
> Plus I love being able to host multiple Kerberos realms in a single KDC.
> Also the Heimdal Perl modules are nice too.
IIRC something else needs MIT so switching to Heimdal isn't straightforward.
Also freeipa is packaged for Fedora and is packaged as Red Hat
Identity Management in RHEL:
https://access.redhat.com/site/products/Identity_Management/