Discussion:
[Samba] Heimdal or MIT kerberos comparison
James A. Dinkel
2006-12-22 22:24:11 UTC
Permalink
What is the difference between Heimdal and MIT as far usability goes?
MIT seems to be the default on major linux distrobutions, but I here a
lot about people preferring Heimdal, but I can't find any reasons why.
Is one generally more stable/faster/reliable than the other?



There is already a blank wiki page at
http://wiki.samba.org/index.php/Samba_%26_Kerberos so if anyone has any
good information, I'll put it there.



James Dinkel

Network Engineer

Butler County of Kansas



There are 10 types of people in the world: those who understand binary,
and those who don't.
Andrew Bartlett
2006-12-24 03:42:02 UTC
Permalink
Post by James A. Dinkel
What is the difference between Heimdal and MIT as far usability goes?
MIT seems to be the default on major linux distrobutions, but I here a
lot about people preferring Heimdal, but I can't find any reasons why.
Is one generally more stable/faster/reliable than the other?
The biggest thing users will notice is that the error message system
returns contextual errors, with the actual reason for the failure, not
just the translated code. It often includes the vital clues that help
fix up the inevitable kerberos issues.

I've use Heimdal in Samba4, particularly because of the close working
relationship I have with it's primary maintainer.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20061224/4c19f5dd/attachment.bin
James A. Dinkel
2006-12-27 04:29:04 UTC
Permalink
-----Original Message-----
From: Andrew Bartlett
Sent: Saturday, December 23, 2006 3:42 PM
The biggest thing users will notice is that the error message system
returns contextual errors, with the actual reason for the failure, not
just the translated code. It often includes the vital clues that help
fix up the inevitable kerberos issues.
I've use Heimdal in Samba4, particularly because of the close working
relationship I have with it's primary maintainer.
Andrew Bartlett
Is this "close working relationship" true of the entire Samba team (or
at least of anyone involved in coding anything related to Kerberos)?
Samba's "Authentication Developer"'s preference of Heimdal over MIT is
good enough for me, but I would like to put some accurate information in
the wiki, as it pertains to Samba users. I went ahead and added a blurb
to this page: http://wiki.samba.org/index.php/Samba_%26_Kerberos since
this is the only feedback I've gotten thus far.
Andrew Bartlett
2006-12-27 04:38:54 UTC
Permalink
Post by James A. Dinkel
-----Original Message-----
From: Andrew Bartlett
Sent: Saturday, December 23, 2006 3:42 PM
The biggest thing users will notice is that the error message system
returns contextual errors, with the actual reason for the failure, not
just the translated code. It often includes the vital clues that help
fix up the inevitable kerberos issues.
I've use Heimdal in Samba4, particularly because of the close working
relationship I have with it's primary maintainer.
Andrew Bartlett
Is this "close working relationship" true of the entire Samba team (or
at least of anyone involved in coding anything related to Kerberos)?
It's a Samba4 thing, because we bundle kerberos in the distribution.
Post by James A. Dinkel
Samba's "Authentication Developer"'s preference of Heimdal over MIT is
good enough for me, but I would like to put some accurate information in
the wiki, as it pertains to Samba users. I went ahead and added a blurb
to this page: http://wiki.samba.org/index.php/Samba_%26_Kerberos since
this is the only feedback I've gotten thus far.
Almost all users will use the system kerberos libraries, whatever they
are. They tend to be difficult to replace.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20061227/e5d8485f/attachment.bin
James A. Dinkel
2006-12-27 20:39:37 UTC
Permalink
-----Original Message-----
Sent: Tuesday, December 26, 2006 4:38 PM
It's a Samba4 thing, because we bundle kerberos in the distribution.
<snip>
Almost all users will use the system kerberos libraries, whatever they
are. They tend to be difficult to replace.
Andrew Bartlett
The only thing is, I think Ubuntu/Debian and CentOS can use either one,
although I think MIT is the "standard" (which is what I used). I edited
the wiki page. Anyway, thanks for all the info!

Loading...