It is much easier to protect one (or a few) Kerberos server then it is to protect all servers.
In our situation we have security people running the Kerberos server and we are paranoid about how it is maintained. Generic servers on the otherhand can be (and are) run by all sorts of people, many who have little security clue. -Jeff On Thu, Jan 29, 2004 at 06:58:08PM -0500, David Magda wrote: > Jeffrey Altman <[EMAIL PROTECTED]> writes: > > [...] > > usernames and passwords across the network to a potentially > > compromised machine in order for them to be validated against the > > copies stored in LDAP. > [...] > > And what prevents a Kerberos server from being compromised? Any > system can have a root-kit installed on it. > > -- > David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/ > Because the innovator has for enemies all those who have done well under > the old conditions, and lukewarm defenders in those who may do well > under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos