>>>>> "ms419" == ms419 <[EMAIL PROTECTED]> writes:
ms419> Pardon this newbish question, but here's the setup: I want
ms419> to distribute the keys for one host among two
ms419> realms. Basically, I've got a sensitive service running on
ms419> a couple of hosts, and a less secure service running on the
ms419> same hosts. I want to store the keys for the sensitive
ms419> service in one realm, and the keys for the others in
ms419> another. Any problems with these premises?
Yes. Current Kerberos implementations assume a host belongs to one
realm. You'll find it difficult to actually do this.
Also, users will end up having multiple passwords which will be
annoying.
I recommend having one KDC which is more secure than your most
sensitive service.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
