What version next? - Kerberos

This is a discussion on What version next? - Kerberos ; I'm currently running (happily!) 1.4.4 but I was wondering if 1.6 is something for me (i.e. my live servers)? What's so new and cool, I just HAVE to upgrade? I have a little spare time right now so... ________________________________________________ Kerberos ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: What version next?

  1. What version next?

    I'm currently running (happily!) 1.4.4 but I was wondering
    if 1.6 is something for me (i.e. my live servers)?

    What's so new and cool, I just HAVE to upgrade? I have a
    little spare time right now so...
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: What version next?

    On Thu, Mar 01, 2007 at 12:01:33PM +0100, Turbo Fredriksson wrote:
    > I'm currently running (happily!) 1.4.4 but I was wondering
    > if 1.6 is something for me (i.e. my live servers)?
    >
    > What's so new and cool, I just HAVE to upgrade? I have a
    > little spare time right now so...


    It's worth it if you want to learn about the new ldap backend. It opens
    up many possibilities.
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: What version next?

    Quoting Andreas Hasenack :

    > On Thu, Mar 01, 2007 at 12:01:33PM +0100, Turbo Fredriksson wrote:
    >> I'm currently running (happily!) 1.4.4 but I was wondering
    >> if 1.6 is something for me (i.e. my live servers)?
    >>
    >> What's so new and cool, I just HAVE to upgrade? I have a
    >> little spare time right now so...

    >
    > It's worth it if you want to learn about the new ldap backend. It opens
    > up many possibilities.


    Actually I would, but I bought the reasoning a(bout) a year
    ago that this was a 'bad thing'...

    So nothing else new?
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  4. Re: What version next?

    On Thu, Mar 01, 2007 at 06:10:21PM +0100, Turbo Fredriksson wrote:
    > Quoting Andreas Hasenack :
    >
    > > On Thu, Mar 01, 2007 at 12:01:33PM +0100, Turbo Fredriksson wrote:
    > >> I'm currently running (happily!) 1.4.4 but I was wondering
    > >> if 1.6 is something for me (i.e. my live servers)?
    > >>
    > >> What's so new and cool, I just HAVE to upgrade? I have a
    > >> little spare time right now so...

    > >
    > > It's worth it if you want to learn about the new ldap backend. It opens
    > > up many possibilities.

    >
    > Actually I would, but I bought the reasoning a(bout) a year
    > ago that this was a 'bad thing'...


    I think it depends.

    If the intention is to allow various application services to
    retrieve Kerberos keys over LDAP directly so that they can
    perform password verification ("LDAP Authentication"), then I
    think it's bad. We wouldn't do that at our site.

    If the intention is to use LDAP to securely replicate the
    Kerberos database across multiple KDCs in real time, or to
    use it as a (Kerberos authenticated) administration protocol,
    then I think that's a good thing. And we'd probably look into
    using it.

    --Shumon.
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  5. Re: What version next?

    I'd definitely start testing 1.6 on clients and servers. I think 1.6
    is much more stable than 1.5, and I believe that enough has chnaged
    that you'll want to see if there are going to be any difficult
    migration issues while you have time.

    Deploying 1.6 clients is a good idea because the referrals support in
    1.6 will eventually be useful to you. It's client side only right
    now, but that allows you to get the clients out.

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  6. Re: What version next?

    On Mar 1, 2007, at 12:10, Turbo Fredriksson wrote:
    > Quoting Andreas Hasenack :
    >
    >> On Thu, Mar 01, 2007 at 12:01:33PM +0100, Turbo Fredriksson wrote:
    >>> I'm currently running (happily!) 1.4.4 but I was wondering
    >>> if 1.6 is something for me (i.e. my live servers)?
    >>>
    >>> What's so new and cool, I just HAVE to upgrade? I have a
    >>> little spare time right now so...

    >>
    >> It's worth it if you want to learn about the new ldap backend. It
    >> opens
    >> up many possibilities.

    >
    > Actually I would, but I bought the reasoning a(bout) a year
    > ago that this was a 'bad thing'...


    Okay, well, no one's forcing you to use that back end. :-)

    > So nothing else new?


    Some plugin interfaces in the krb5 library, including
    preauthentication and KDC location determination; more will likely be
    added in the future. Client-side support for server name referrals,
    if you're using a Microsoft KDC. SPNEGO support in GSSAPI. A KDB
    database abstraction layer, which is how the LDAP support was added.
    (Want to write support for another database back end?) Security
    patches and many other bug fixes...

    Ken
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  7. Re: What version next?

    Quoting Sam Hartman :

    > because the referrals support in 1.6 will eventually be useful to
    > you.


    Referrals support? Is that like the referrals in LDAP
    terms?
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  8. Re: What version next?

    Quoting Ken Raeburn :

    > including preauthentication and KDC location determination


    What does this mean/do?

    > Client-side support for server name referrals,
    > if you're using a Microsoft KDC. SPNEGO support in GSSAPI.


    Is this going to make it easier (in exactly what way) to use
    a MIT Kerberos V KDC as a (almost?) native Kerberos server/KDC?

    > (Want to write support for another database back end?)


    You wish . Nah, I'm quite happy with the current backend.
    It's proven to be the most stable and easy to use/replicate...

    > Security patches and many other bug fixes...


    How long until it's considerd production quality? Is it
    there already?
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread