Herbert Steininger wrote: > Hi, > > Just wanted to know if it is safe to put a KDC-Server into DMZ? > > TIA > Herbert
Kerberos is designed to be the authentication service that clients will use to obtain access to the rest of the services within your infrastructure. As such it must be accessible to the clients in order for it to perform its job. Adding a proxy service in front of the KDC would not add any additional security but does increase the amount of code that would need to be audited to prevent against attacks. Whether you decide to place your KDC in the DMZ is a decision that must be made based upon a risk assessment of your organization's infrastructure. However, it is the intent of the designers that making access to the KDC publicly available should be safe. Jeffrey Altman Secure Endpoints Inc. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
