Quoting "Amir Saad" <[EMAIL PROTECTED]>:

> so sorry i didn't mean that, i mean to secure not to avoid to secure (so
> sorry!)

Ah, that explains a lot :)

But you should keep the LDAP server (just as) safe as well. As I said in the mail, it's not nearly as important as the KDC, but it is important enough that if it gets cracked, neither you nor your users will be able to log in or do any work. Theoretically you can, but can you guarantee that no one is 'listening' (on the authentication, authorization and what not)... If 'they' do, then you can consider your KDC cracked as well.

This is the reason why _I_ recommend having both on the same machine... If it gets cracked, you're screwed anyway (until you get another machine up and running and all that's needed after someone has broken into your system).

As I see it, it doesn't matter if 'they' crack the LDAP server or the KDC, both are such a vital part of the/your network, you can't survive without _both_ (at the same time).

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
