Which Kerberos flavor?


Solution 1

Heimdal is/will be integrated with Samba 4 in its Active Directory implementation.

Solution 2

MIT Kerberos is well supported. It is the reference implementation and default on Red Hat and I believe Debian as well. OTOH, Heimdal had slightly nicer administration tools IIRC, but I've gone with MIT.

Solution 3

I would tend to answer, "whichever one is provided by your distribution", unless there are particular features you need that are only available in one or the other. For example, Heimdal lets you use an LDAP directory as your keystore, which may be attractive in a larger organization (since you can store Kerberos credentials and other user information in the same place).

Solution 4

According to http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kerberos5.html

Kerberos is both the name of a network authentication protocol and an adjective to describe programs that implement the program (Kerberos telnet, for example). The current version of the protocol is version 5, described in RFC 1510.

Several free implementations of this protocol are available, covering a wide range of operating systems. The Massachusetts Institute of Technology (MIT), where Kerberos was originally developed, continues to develop their Kerberos package. It is commonly used in the US as a cryptography product, as such it has historically been affected by US export regulations. The MIT Kerberos is available as a port (security/krb5). Heimdal Kerberos is another version 5 implementation, and was explicitly developed outside of the US to avoid export regulations (and is thus often included in non-commercial UNIX® variants). The Heimdal Kerberos distribution is available as a port (security/heimdal), and a minimal installation of it is included in the base FreeBSD install.

In order to reach the widest audience, these instructions assume the use of the Heimdal distribution included in FreeBSD.

So it is also a law matter...


Author: Michael Lowman

I'm a developer that dabbles in system administration from time to time.

Updated on September 17, 2022

Comments

  • Michael Lowman almost 2 years

    So I'm setting up a small network with all the standard stuff (files, email, etc.) and I've decided to go with a Kerberos+LDAP solution. Any ideas or recommendations on Heimdal vs. MIT?

    I've used MIT before, and tangentially Heimdal, but I don't really know of any real reason for using one over the other. I just know that I'd prefer not to realize I'd rather be running MIT after getting the whole Heimdal up and running with a full user database.

    If any other info'd be useful, I'm happy to provide.

  • Michael Lowman over 13 years
    Well, my distro's Gentoo, so that's both :) And MIT can do the same, but I'm planning on using local database files anyway.
  • plluksie over 13 years
    Could you provide exact source?
  • Michael Lowman over 13 years
    Well... I don't live in Iran, North Korea, or any other country considered a terrorist state and therefore subject to export control regulations. Other than that restriction, there haven't been that kind of export control restrictions on strong crypto since 1996. Maybe my question would be better phrased, "Is the only reason to use Heimdal or Kerberos supporting a legacy system from when only Heimdal was legal?"
  • Michael Lowman over 13 years
    As far as I can tell from random googling, Samba4 currently has Heimdal integrated in the source tree. It does look like there's an effort to make it MIT compatible, and idk how far that's got. Still, looks like that included Heimdal and LDAP's here to stay. Thanks!