It is much easier to protect one (or a few) Kerberos server then it is
to protect all servers.
In our situation we have security people running the Kerberos server
and we are paranoid about how it is maintained. Generic servers on the
otherhand can be (and are) run by all sorts of people, many who have
little security clue.
-Jeff
On Thu, Jan 29, 2004 at 06:58:08PM -0500, David Magda wrote:
> Jeffrey Altman <[EMAIL PROTECTED]> writes:
>
> [...]
> > usernames and passwords across the network to a potentially
> > compromised machine in order for them to be validated against the
> > copies stored in LDAP.
> [...]
>
> And what prevents a Kerberos server from being compromised? Any
> system can have a root-kit installed on it.
>
> --
> David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
> Because the innovator has for enemies all those who have done well under
> the old conditions, and lukewarm defenders in those who may do well
> under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
