thanks a lot for you reply actually, i was thinking of two separate machines one for the KDC and the other for the OpenLDAP, i read an article that suggests the separation to avoid to secure the KDC. A machine dedicated for the KDC will guarantee absense of all services except the kdc services and i think this reduces the hacking chances. please tell me if this is not true.. thanks Amir Saad Software Engineer
________________________________ From: [EMAIL PROTECTED] on behalf of Turbo Fredriksson Sent: Sat 1/7/2006 12:38 PM To: kerberos@mit.edu Subject: Re: KDC Hardware Quoting Jeffrey Hutzelman <[EMAIL PROTECTED]>: > On Friday, January 06, 2006 12:37:51 PM +0100 Turbo Fredriksson > <[EMAIL PROTECTED]> wrote: > >> Quoting Jeffrey Hutzelman <[EMAIL PROTECTED]>: >> >>> On Thursday, January 05, 2006 10:03:44 AM +0200 Amir Saad >>> <[EMAIL PROTECTED]> wrote: >>> >>>> i use Fedora 4, OpenLDAP and Kerberos instead of NIS >>>> what is the suitable hardware configuration for the KDC to support a >>>> network with 200 machines? thanks >>> >>> Whatever random piece of crap you have lying around will do just fine. > >> Note though the 'random piece of crap' note is true when it comes >> to KERBEROS (that doesn't need ANYTHING regarding power/storage/speed) >> but not LDAP... That is a lot more demanding... > > True. The original question was about a KDC, not an LDAP server. Doh, right. Sorry. He just mentioned OpenLDAP so I _assumed_ he would be running both the LDAP _and_ the KDC on the same host. No point really to separate them. Or?!? Security? Nah, both need _extra ordinary security_ so it's easier to safegard ONE machine than two (* nr of slaves of course :). Price? Keeping the KDC at the very cheapest and the LDAP a lot more expencive IS of course a reason, but then you have to take into account how much extra 'resources' (time mostly) to keep an extra machine safe. But then again, buying one cheap and one more expensive IS more expensive than buying a 'expencive + some extra for the KDC'... ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
