> Risks: > Its centralized.. if the KDC is exploited all bets are off.
Another big one I would add is: - Applications need to be "kerberized". (Pam modules and/or SASL can handle this if your applications support either of them) While most standard applications have solutions or "kerberized" versions available, in house applications might need to be extended. Most applications released aren't kerberized by default so you definitely will need a list of critical apps before you make your proposal. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
