On Mon, Jul 18, 2005 at 09:44:35PM +0930, Daniel O'Connor wrote: > There is always a trade off but it seems most people don't think Heimdal is > insecure enough to disable by default. (Has it has any bugs that have been > exploitable in an unused configuration recently? I don't believe so).
In the last two years, there have been some nasty problems in Heimdal, not as bad as MIT krb5 though. This is from memory, I might be wrong. For the original poster, the default is a trade-off, it has both postive and negative sides. In DragonFly, we still default to OFF, mostly because we can't take advantage of it e.g. for smb anyway, since we don't have NSS. Beside the given example of Active Directory, NFS 4 uses GSSAPI and Kerberos 5 too. Those are two things a lot of people want to support of the box. Joerg _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
