Re: Kerberos on .debian.org?
>>>>> "Jason" == Jason Gunthorpe <jgg@debian.org> writes:

Jason> Kerberos requires a secure central KDC machine w/ the
Jason> possibility for secure replicas. If connectivity between a
Jason> host and the KDC is broken then the host is effectively

Just to clarify: ...if connectivity between a user's host and the KDC
is broken...

Jason> dead in the water which is totally unacceptable for

You seem to be implying that when the KDC goes down, future
connections to servers are impossible. WRONG. It means that users will
not be able to obtain new tickets, but users who already have tickets
for the required service will continue to be able to make new
connections to the remote machines like before.

The remote server never has any need to directly contact the KDC.

Jason> us. Further, the fact that a KDC must be very secure to
Jason> protect the keys does not make it a good solution when we
Jason> don't have physical control over our boxes.

This sounds like a good argument to me. However, the LDAP database is
just as vulnerable... Isn't it?

--
Brian May <bam@debian.org>
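
The behaviour described in the reply above, as an added example that is not part of the original message: a simplified model in which a service validates a ticket using only its own long-term key, so a ticket issued before a KDC outage is still accepted until it expires. Assumptions: `ToyKDC`, `ToyService`, the principal names and the key are constructed, and an HMAC under the service key stands in for Kerberos's encryption of the ticket (no session key or authenticator is modelled).

```python
import hashlib
import hmac
import json

class KDCUnreachable(Exception):
    """The client could not reach the KDC to request a ticket."""

class ToyKDC:
    def __init__(self):
        self.service_keys = {}  # service name -> long-term key shared with it
        self.online = True

    def issue_ticket(self, user, service, now, lifetime=36000):
        if not self.online:
            raise KDCUnreachable("cannot obtain new tickets")
        body = json.dumps({"user": user, "service": service,
                           "expires": now + lifetime}, sort_keys=True).encode()
        # Sealed under the service's key: only the KDC and that service hold it.
        tag = hmac.new(self.service_keys[service], body, hashlib.sha256).digest()
        return body, tag

class ToyService:
    def __init__(self, name, key):
        self.name, self.key = name, key  # holds no reference to the KDC

    def accept(self, ticket, now):
        body, tag = ticket
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # not sealed by the KDC for this service
        claims = json.loads(body)
        return claims["service"] == self.name and now < claims["expires"]

def kdc_outage_scenario():
    key = b"constructed-sample-service-key"
    kdc = ToyKDC()
    kdc.service_keys["ssh/host.example"] = key
    service = ToyService("ssh/host.example", key)
    ticket = kdc.issue_ticket("alice", "ssh/host.example", now=0)
    kdc.online = False  # the outage begins after alice has her ticket
    results = {"existing_ticket": service.accept(ticket, now=3600)}
    try:
        kdc.issue_ticket("bob", "ssh/host.example", now=3600)
        results["new_ticket"] = True
    except KDCUnreachable:
        results["new_ticket"] = False
    # The existing ticket stops working once its lifetime has passed.
    results["after_expiry"] = service.accept(ticket, now=36001)
    return results
```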