----- Original Message -----
> Let us assume just the two systems directly connected to the
> internet. I am specifically interested in what the security
> implications would be, not ways to get around them (e.g. point-to-
> point tunnel). I have read that kerberos was designed for untrusted
> networks, just how untrusted can they be?
I would say that it really depends on your threat model.
With recent versions of FreeIPA we disable the use of DES keys by default, as they were
certainly not really secure anymore, given that you can easily break DES encryption
in a short enough period and without the need for expensive hardware these
days. AES and RC4, which are the ones commonly used, and even 3DES should be robust
enough to operate safely, even if traffic is captured and brute-force
attacked, for the ticket validity period.
We also always enable required preauthentication by default for all
principals, which avoids attacks against TGT packets.
What you may want to do however is harden the LDAP server configuration a bit.
You probably want to prevent anonymous connections and also make sure all
connections always are encrypted by setting the right minssf limits.
You also need to decide if you want to expose admin interfaces (kadmin, http)
over the internet or only krb5/ldap.
Freeipa-users mailing list
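As an added illustration of the LDAP hardening the reply suggests (not part of the original message or of FreeIPA's own configuration), the LDIF below sets the two 389 Directory Server `cn=config` attributes involved: `nsslapd-allow-anonymous-access` and `nsslapd-minssf`. The default values shown in the comments and the chosen SSF of 56 are assumptions for this example; check your own server's current values with an `ldapsearch` on `cn=config` before applying.

```ldif
# Hardening the FreeIPA LDAP server (389-ds) against an internet-facing deployment.
# Apply with: ldapmodify -H ldaps://ipa.example.test -D "cn=Directory Manager" -W -f harden.ldif
# (hostname is a placeholder)

# 1. Anonymous binds: default is "on" (anyone can search the tree without credentials).
#    "rootdse" still lets clients read the root DSE (supported controls, naming contexts),
#    which many LDAP clients need during connection setup, but nothing else anonymously.
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse

# 2. Minimum security strength factor: default is 0 (cleartext sessions accepted).
#    A minssf of 56 rejects any operation on a session that is not protected by
#    TLS or a GSSAPI/SASL security layer of at least that strength, so simple binds
#    over plain ldap:// fail instead of leaking passwords.
dn: cn=config
changetype: modify
replace: nsslapd-minssf
nsslapd-minssf: 56

# 3. Keep the root DSE readable over an unencrypted connection so clients can
#    discover STARTTLS/SASL support before they negotiate encryption.
dn: cn=config
changetype: modify
replace: nsslapd-minssf-exclude-rootdse
nsslapd-minssf-exclude-rootdse: on
```

After the change, a test `ldapsearch -x -H ldap://ipa.example.test -b "dc=example,dc=test"` (plain, anonymous) should be refused, while a Kerberos-authenticated `ldapsearch -Y GSSAPI` over the same port still succeeds because GSSAPI supplies the required security layer; verify enrolled clients and any third-party LDAP consumers still work, since some rely on anonymous reads.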