On Sun, Mar 16, 2003 at 05:52:12PM -0800, Mike wrote:
> I'm getting ready to propose the use of Kerberos in our division.
> I've done some reading up on the subject and in general I like what I
> see. However, I have this nagging thought in my head that my
> management and some of the network weenies will have reservations.
>

Good! Kerberos is a pretty fair way to go if you are going to use a trusted third party model for your authentication.

Keep in mind Kerberos is an authentication method, and not an "authorization" method. That is, depending on your needs you may have to lay out a plan for handling authorization for your systems. (i.e. Just because someone has a krb5 ticket, meaning they have successfully authenticated, doesn't mean that person should be allowed on machine X.)

> My question is to formalize a list of the benefits and risks of
> implementing Kerberos. Specifically, are there things that I should
> be worried about? I know this is very open ended and somewhat vague
> but that's my starting point on the issue. I want to try to head off
> any FUD attacks and also want to understand the implications of what
> I'm proposing.
>

Hmm. Here's some of my thoughts on a list for you:

Benefits:
    Centralized authentication mechanism
    Support for Windows, Mac, UNIXes of various flavors...
    Encryption

Risks:
    It's centralized.. if the KDC is exploited all bets are off.

That's a short list, I'm sure I could come up with more as could others.. but I'm a little short on time this evening. ;)

Good luck, I would expect your management to welcome Kerberos, even the network folks shouldn't really be bothered. I can't imagine why they would care one way or another.. it's just a couple of ports. ;)

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
