[OpenAFS] with or without krb5 and openldap?

Derrick J Brashear shadow@dementia.org
Fri, 1 Aug 2003 01:06:08 -0400 (EDT)


On Fri, 1 Aug 2003, Derek Atkins wrote:

> Karl Bowden <kbowden@pacificspeed.com.au> writes:
>
> > On second thoughts, after looking into hesiod a bit further, it does not
> > seem that secure at all. Would this be a correct view? If so I would
> > rather keep working on an LDAP implimentation.
>
> Hesiod is not any less secure than LDAP.  At least with Hesiod if you

Actually I suspect it's easier to configure TLS with LDAP than DNSSEC with
Hesiod.

> deploy DNSSec you get complete security.  OTOH, you do not require a
> significant amount of security on hesiod info -- who cares about your
> GECOS field?  The real authentication security is from Kerberos.