What are the relative advantages of Heimdal and MIT Kerberos now MIT is freely exportable? Ones I've come across so far that might be relevant to my particular project is that it seems MIT supports constrained delegation in the GSS-API layer and Heimdal doesn't yet, and that Heimdal has a --with-openssl config option that makes it easy to use a version of OpenSSL other than the system default. Either can be worked around. I've found mailing list comments suggesting that Heimdal's thread safety is better, but they are fairly dated.
Asked
Active
Viewed 2,578 times
7
-
I suspect but cannot prove there are still political concerns. For instance despite MIT being now free to distribute K online, export to the seven (eight?) watchlist nations is probably still illegal (or at least problematic) whereas people in those embargoed countries could get heimdal without those difficulties. – adric Jan 13 '14 at 19:20
-
True, it's not _completely_ freely exportable, just much much more so than in the 1990s. http://en.wikipedia.org/wiki/Kerberos_(protocol)#History_and_development http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#PC_era The still embargoed countries are (I think) Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria (though also I've seen lists which omit Iraq ans Libya - the US government page cited is 404 and I haven't bothered to track down where it moved to) http://www.cryptolaw.org/cls2.htm#us_terror – armb Jan 14 '14 at 08:57
1 Answers
2
In my case, part of the answer turns out to be "Heimdal's kadmin supports adding constrained delegation attributes, MIT doesn't support constrained delegation with the default backend and requires you to modify the LDAP database directly if you use the LDAP backend".
I'd still be interested in learning of other people's opinions or experiences.
armb
- 622
- 4
- 9
-
1On the other hand, MIT still has regular releases, Heimdal's last public one was 2012 - cf. https://www.h5l.org/releases.html http://web.mit.edu/kerberos/ – armb Feb 05 '16 at 10:49
-
Heimdal had a major new release on 2016-12-22 http://www.h5l.org/releases.html?show=7.1.0 – armb Mar 06 '17 at 15:31