Re: HEADS UP! Kerberos5/Heimdal now default!

From: Jacques A. Vidrine <nectar_at_FreeBSD.org>
Date: Mon, 5 May 2003 07:10:50 -0500
On Mon, May 05, 2003 at 02:02:41AM -0700, Doug Barton wrote:
> I have to object to this change of direction. Both on POLA grounds, and on
> the grounds that because most people don't use kerberos, it shouldn't be
> the default. I also think that given the historical propensity of kerberos
> to be vulnerable to attack, it definitely shouldn't be included by
> default.

Actually, I think we've now fixed POLA issues ... previously we
installed the Kerberos bits by default, but did not rebuild them when
the rest of the system was updated.  Other OSes that supply Kerberos
directly come with those bits by default.

I do not think that whether or not `most people' use a part of the
system is the only (or most important) criteria in determining whether
or not to build or not build that part of the system by default.

To what `historical propensity' are you referring?  I intend this as
an honest question.  We include software in the base system that most
definitely has a poor security track record, but I don't think that
Kerberos 5 gets any distinction in this regard.

Cheers,
-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar_at_celabo.org . jvidrine_at_verio.net . nectar_at_freebsd.org . nectar_at_kth.se
Received on Mon May 05 2003 - 03:10:52 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:06 UTC