What is the difference between Heimdal and MIT as far usability goes? MIT seems to be the default on major linux distrobutions, but I here a lot about people preferring Heimdal, but I can't find any reasons why. Is one generally more stable/faster/reliable than the other? There is already a blank wiki page at http://wiki.samba.org/index.php/Samba_%26_Kerberos so if anyone has any good information, I'll put it there. James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't.
On Fri, 2006-12-22 at 10:23 -0600, James A. Dinkel wrote:> What is the difference between Heimdal and MIT as far usability goes? > MIT seems to be the default on major linux distrobutions, but I here a > lot about people preferring Heimdal, but I can't find any reasons why. > Is one generally more stable/faster/reliable than the other?The biggest thing users will notice is that the error message system returns contextual errors, with the actual reason for the failure, not just the translated code. It often includes the vital clues that help fix up the inevitable kerberos issues. I've use Heimdal in Samba4, particularly because of the close working relationship I have with it's primary maintainer. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20061224/4c19f5dd/attachment.bin
> -----Original Message----- > From: Andrew Bartlett > Sent: Saturday, December 23, 2006 3:42 PM > > The biggest thing users will notice is that the error message system > returns contextual errors, with the actual reason for the failure, not > just the translated code. It often includes the vital clues that help > fix up the inevitable kerberos issues. > > I've use Heimdal in Samba4, particularly because of the close working > relationship I have with it's primary maintainer. > > Andrew BartlettIs this "close working relationship" true of the entire Samba team (or at least of anyone involved in coding anything related to Kerberos)? Samba's "Authentication Developer"'s preference of Heimdal over MIT is good enough for me, but I would like to put some accurate information in the wiki, as it pertains to Samba users. I went ahead and added a blurb to this page: http://wiki.samba.org/index.php/Samba_%26_Kerberos since this is the only feedback I've gotten thus far.
> -----Original Message----- > From: Andrew Bartlett [mailto:abartlet@samba.org] > Sent: Tuesday, December 26, 2006 4:38 PM > > It's a Samba4 thing, because we bundle kerberos in the distribution. > > <snip> > > Almost all users will use the system kerberos libraries, whatever they > are. They tend to be difficult to replace. > > Andrew BartlettThe only thing is, I think Ubuntu/Debian and CentOS can use either one, although I think MIT is the "standard" (which is what I used). I edited the wiki page. Anyway, thanks for all the info!
Maybe Matching Threads
- Does OpenSSH+GSSAPI interoperate between Heimdal and MIT?
- Question about Kerberos and what is the different if compile with internal heimdal or mit-krb5
- MIT Kerberso or Heimdal Kerberos what is the question?
- heimdal and mit incompatability when using GSSAPI
- mit-krb5 and heimdal binaries