Heimdal is/will be integrated with Samba 4 in its Active Directory implementation.


MIT Kerberos is well supported. It is the reference implementation and default on RedHat and I believe Debian as well. OTOH, Heimdal had slightly nicer administration tools IIRC, but I've gone with MIT.


I would tend to answer, "whichever one is provided by your distribution", unless there are particular features you need that are only available in one or the other. For example, Heimdal lets you use an LDAP directory as your keystore, which may be attractive in a larger organization (since you can store Kerberos credentials and other user information in the same place).


According to http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kerberos5.html

Kerberos is both the name of a network authentication protocol and an adjective to describe programs that implement the program (Kerberos telnet, for example). The current version of the protocol is version 5, described in RFC 1510.

Several free implementations of this protocol are available, covering a wide range of operating systems. The Massachusetts Institute of Technology (MIT), where Kerberos was originally developed, continues to develop their Kerberos package. It is commonly used in the US as a cryptography product, as such it has historically been affected by US export regulations. The MIT Kerberos is available as a port (security/krb5). Heimdal Kerberos is another version 5 implementation, and was explicitly developed outside of the US to avoid export regulations (and is thus often included in non-commercial UNIX® variants). The Heimdal Kerberos distribution is available as a port (security/heimdal), and a minimal installation of it is included in the base FreeBSD install.

In order to reach the widest audience, these instructions assume the use of the Heimdal distribution included in FreeBSD.

So it is also a law matter...