>Here's one thing I don't have working yet, but haven't really sat down >to puzzle over: We have two KDCs. The master is behind our firewall on >a private network, but we have a slave on a public network. The only >way for users outside the private network (which is most of them) to >change their passwords is to shell into a machine that can reach the >private network somehow and run kpasswd from there. I'd like some way >for them to change their password remotely using kpasswd on public >workstations. Not sure how to work that one out yet. Any ideas?
How about putting the master outside of the firewall, instead of the slave? I suspect you'll say you're worried about the security of doing that, but you shouldn't; it's just as bad if someone breaks into your slave KDC if they break into your master (from a Kerberos perspective, that is). --Ken ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
