SCIENTIFIC-LINUX-USERS Archives

February 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Ping Nico: AD?
From:
Tom H <[log in to unmask]>
Reply To:
Tom H <[log in to unmask]>
Date:
Tue, 11 Feb 2014 08:05:51 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (21 lines) 
On Mon, Feb 10, 2014 at 6:43 PM, Paul Robert Marino <[log in to unmask]> wrote:
>
> Most of the reason they left the AD stuff out is they are still tinkering
> with MIT Kerberos V server.
> They refuse to migrate to Heimdal the AD stuff in samba AD includes an
> embedded Heimdal Kerberos V server because the MIT version is common but
> doesn't quite cut it yet.
> I personally always use Heimdal when I create a Kerberos server because its
> more robust and plays nice with others because it complies with most of the
> RFC's. MIT Kerberos is close but its not quite there and has a lot of
> historical issues.
> Plus I love being able to host multiple Kerberos realms in a single KDC.
> Also the Heimdal Perl modules are nice too.

IIRC something else needs MIT so switching to Heimdal isn't straightforward.

Also freeipa is packaged for Fedora and is packaged as Red Hat
Identity Management in RHEL:

https://access.redhat.com/site/products/Identity_Management/

ATOM RSS1 RSS2