>>>>> "Erik" == Erik Arneson <[EMAIL PROTECTED]> writes:
Erik> On 30-Mar-2004, Ken Hornstein <[EMAIL PROTECTED]> wrote:
>> How about putting the master outside of the firewall, instead
>> of the slave? I suspect you'll say you're worried about the
>> security of doing that, but you shouldn't; it's just as bad if
>> someone breaks into your slave KDC if they break into your
>> master (from a Kerberos perspective, that is).
Erik> Hmmm, that's true, I suppose. I will take a look at that
Erik> option. Thanks for the suggestion!
The only problem I can see having the master outside the firewall is
that if you have a compromise, it will be harder for you to determine
if any changes were made.
However if you have a compromise, you want to be changing veerything
shortly there after, so you probably don't care.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
