
Re: Kerberos on .debian.org?



>>>>> "Jason" == Jason Gunthorpe <jgg@debian.org> writes:

    Jason> Kerberos requires a secure central KDC machine w/ the
    Jason> possibility for secure replicas. If connectivity between a
    Jason> host and the KDC is broken then the host is effectively

Just to clarify: ...if connectivity between a user's host and the KDC
is broken...

    Jason> dead in the water which is totally unacceptable for

You seem to be implying that when the KDC goes down, future
connections to servers are impossible. WRONG. It means that users will
not be able to obtain new tickets, but users who already have tickets
for the required service will continue to be able to make new
connections to the remote machines like before.

The remote server never has any need to directly contact the KDC.

    Jason> us. Further, the fact that a KDC must be very secure to
    Jason> protect the keys does not make it a good solution when we
    Jason> don't have physical control over our boxes.

This sounds like a good argument to me. However, the LDAP database is
just as vulnerable... Isn't it?
-- 
Brian May <bam@debian.org>
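
Added example, not part of the original message: a toy Python model of the point made in the reply, that a service validates a ticket with its own long-term key and never contacts the KDC, so a KDC outage only blocks new tickets. The HMAC-sealed ticket is an assumed simplification (real Kerberos encrypts the ticket and adds a session key and an authenticator), and the class names, principals and 36000-second lifetime are constructed.

```python
import hashlib, hmac, json, os

class KDCUnreachable(Exception):
    """Raised when a client cannot reach the KDC to request a ticket."""

def mac(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

class KDC:
    def __init__(self):
        self.service_keys = {}   # long-term key shared with each service
        self.online = True

    def register(self, service):
        self.service_keys[service] = os.urandom(32)
        return self.service_keys[service]

    def issue_ticket(self, user, service, now, lifetime=36000):
        if not self.online:
            raise KDCUnreachable("cannot obtain a new ticket")
        body = json.dumps({"user": user, "service": service,
                           "expires": now + lifetime}).encode()
        return body, mac(self.service_keys[service], body)

class Service:
    def __init__(self, name, key):
        self.name, self.key = name, key   # own key only, no handle to the KDC

    def accept(self, ticket, now):
        body, tag = ticket
        if not hmac.compare_digest(tag, mac(self.key, body)):
            return None                   # not sealed with this service's key
        claims = json.loads(body)
        if claims["service"] != self.name or now >= claims["expires"]:
            return None                   # wrong service or expired ticket
        return claims["user"]

def demo():
    kdc = KDC()
    server = Service("host/server.example", kdc.register("host/server.example"))
    ticket = kdc.issue_ticket("alice", "host/server.example", now=0)
    kdc.online = False                    # KDC outage starts here
    out = {"cached": server.accept(ticket, now=100)}
    try:
        kdc.issue_ticket("bob", "host/server.example", now=100)
        out["new"] = "issued"
    except KDCUnreachable:
        out["new"] = "refused"
    out["expired"] = server.accept(ticket, now=36000)
    return out
```
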


