heimdal & krb5
gregdavis at ieee.org
Fri Oct 22 13:35:16 PDT 2004
> I'm updating (re-installing) LFS-BLFS from 5.0 to 5.1 and noticed the
> added security packages Heimdal and MIT krb 5 in BLFS 5.1. I'm not really
> familiar with those packages so I was hoping somebody could advise me on
> what to do. I'm using LFS on a gateway, an internal mail/file/dns-dhcp
> server and a workstation in a small bussiness (15 pc's).
> As both are free implementations of Kerberos 5 I can assume I only need
> one of both (right?), but further I want to know if they are a 'must' for
> increased general network security or just an option.
> Pardon my ignorance.
Both are implementations of Kerberos 5, but I think only Heimdal has a
krb-afs library used by some other applications for AFS (network file
system replacement) support. Hiemdal might also work around any cipher
exportation laws in the US, if MIT doesn't let you download from another
country. Yes, you only need one. Kerberos is one answer to authentication
in networks to avoid sending clear text passwords, and both MIT and Heimdal
sites probably have available documentation as to why it is good. It is
not "the Best" way to do things, of course. The best way to secure your
network is to turn off all the computers and unplug their ethernet cables.
More information about the blfs-support