Henry B. Hotz wrote: > ... > If I had my way, any vendor would need to convince me that they have > solved the KDC robustness problem. I have a hard time imagining a > vendor being able to make money solving this problem unless the > market was bigger than just Kerberos servers.
In the mid 1990s, I was part of a team that designed and deployed a solution using OTPs and Kerberos with robust KDCs using a set of packages from a company by the name of "Cybersafe". It looks like they're still in that game: http://www.cybersafe.com/ The last time I looked at this, we used some patches from umich.edu to provide the robustness for MIT Kerberos: http://www.citi.umich.edu/u/kwc/krb5stuff/replication.html and made some private hacks to MIT Kerberos to do OTP. Darren
