"arpit.orb" <arpit....@gmail.com> writes: > Hi, > > I am using Kerberos over internet by assigning a public IP to KDC. However, I > have following doubts: > > 1. Why is it that Kerberos is not deployed as preferred authentication > mechanism over internet ? I understand that some reasons are vulnerability if > KDC over port 88, address in tickets etc. But is there any other technical > reason for which Kerberos should not be used over public network ?
I believe there is no technical reason the KDC can't be open to the entire Internet. Your organization's risk posture might dictate otherwise. Also, addresses in tickets haven't been the default for many years. > 2. Are there any known issues with and without VPN ? This seems to be a very general question. Do you have some specific scenarios in mind? ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos