K 10
svn:author
V 3
bhd
K 8
svn:date
V 27
2016-06-18T13:38:23.153996Z
K 7
svn:log
V 1437
Update to r44840:

Technical review of the Kerberos chapter

Many of the statements in this chapter were just plain wrong.

Apply some major modernization, in particular the current Kerberos RFC is
4120, not 1510.  Kerberized telnet, rlogin, ftp and similar are no longer
recommended -- use ssh and scp instead.

The heimdal in base is no longer crippled so as to be a minimal installation;
it is fully functional.  The heimdal in ports does offer the option to install
some additional features such as KCM and PKINIT.

Add a bit more introduction to Kerberos terminology and conventions.

Make the sample output closer to the current reality.

Don't imply that eight characters is a particularly strong password.

security/krb5 does not install ktelnetd, klogind, and friends anymore,
so there's no need to mention its README.FreeBSD here (especially since
these things are disrecommended anyway).

www/mod_auth_kerb uses the HTTP/ principal, not the www/ principal.

Kerberized ssh uses GSSAPI these days, so the Kerberos-specific options
are not worth mentioning.

Kerberos works just fine on multiuser machines; the permissions of
credentials cache files are set to 0600.

Remove the section on access issues with kerberos and ssh; it is very
confused.  (It seems to be talking about ssh keys and ssh-agent, but
in a very unclear and inaccurate fashion.)

There is still more to be done here, but this should get us most of the way.

END