MIT kerberos vs heimdal

Tomasz Pala gotar at
Sat Feb 7 14:52:49 CET 2015

Anyone knows/remembers why did we choose heimdal over MIT? I assume
there were some reasons behind this decision (besides "let's do this in
a different way"), however I'm not sure if they are still valid (e.g.
missing features might have been added, someone might have taken over
abandoned maintaining etc.)

The only note I could find is krb5.spec header, so I'm worried that
current state is drived by inertia only, as every mainstream I
peek uses MIT. Heimdal OTOH requires some patching like:

I need my KDC to interact with non-PLD MIT-based Linux systems (fortunatelly
without any samba) and I prefer to have MIT password policies (LDAP
integration to use ppolicy requires non-reliable scripting anyway).

Tomasz Pala <gotar at>

More information about the pld-devel-en mailing list