[Nix-dev] Re: kerberos client and server
Marco Maggesi
maggesi at math.unifi.it
Thu Jun 17 16:41:55 CEST 2010
Hi David,
On Jun 17, 2010, at 9:50 AM, David Guibert wrote:
> Hi,
>
> I've have a workable configuration to authenticate via kerberos with
> pam_krb5 and pam_ccreds to cache passwords for offline logins.
Nice!
This is something I wanted to have for a long time.
> in nixos/modules/config/krb5.nix, I install the default kerberos
> defined
> in nixpkgs instead of krb5 (MIT version).
>
> - systemPackages = [ pkgs.krb5 ];
> + systemPackages = [ pkgs.kerberos ];
>
> Marco (and others), is there a reason to specify krb5 instead of
> heimdal?
At the time I wrote the expression I made the minimum effort to make
kerberos work for my particular needs which essentially is kerbeors
+openafs to access the distributed file system of my department.
Someone told me that openafs works better with MIT keberos than
heimdal (don't know if this is true or not) and MIT keberos is what it
is used in by my "neighborhoods", so I made a pragmatic choice.
Now if more user are interested into it, we can try to improve the
configuration mechanism.
> Maybe we need a better way to specify the kerberos implementation.
Yes, I think it is better to parametrize the nix expressions over the
specific kerberos implementations so that each user can freely choose
what she prefer.
Marco
More information about the nix-dev
mailing list