pod, Thu Jul 09 2009 21:38:31 GMT+0200 (CEST): > Peter Jordan <[email protected]> writes: > >> It is not my decission to isolate kerberos. >> >> Is it safe to open kerberos for the world? > > It's not clear that anyone on this list can answer that question since it > depends on what "safe" and "kerberos" mean in the context of your > organization. The meaning of "safe" is defined by the organizational > security policy and the meaning of "kerberos" will depend on which > implementation has been used. > > For example there seems to be a school of thought amongst certain > deployers of Active Directory (a component of which is a kerberos KDC) > that it should not be exposed more widely than strictly necessary. There > are however plenty of deployments of Heimdal and MIT KDCs that are exposed > to the world and, incidentally, derive much advantage by so doing. > >
It would be a stand alone MIT KDC (with krb-rsh) on debian lenny. "safe" in the sense of "you better attack the services which depends on kerberos than kerberos itself" PJ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
