Re: Kerberos on .debian.org?
On Sat, Mar 10, 2001 at 06:05:55PM +1100, Brian May wrote:
> >>>>> "Jason" == Jason Gunthorpe <jgg@debian.org> writes:
>
> Jason> Kerberos requires a secure central KDC machine w/ the
> Jason> possibility for secure replicas. If connectivity between a
> Jason> host and the KDC is broken then the host is effectively
>
> Just to clarify: ...if connectivity between a users host and the KDC
> is broken...
>
> Jason> dead in the water which is totally unacceptable for
>
> You seem to be implying that when the KDC goes down, future
> connections to servers are impossible. WRONG. It means that users will
> not be able to obtain new tickets, but users who already have tickets
> for the required service will continue to be able to make new
> connections to the remote machines like before.
>
> The remote server never has any need to directly contact the KDC.
Which makes fairly little difference. I doubt most developers would
keep kerberos tickets at all times.
> Jason> us. Further, the fact that a KDC must be very secure to
> Jason> protect the keys does not make it a good solution when we
> Jason> don't have physical control over our boxes.
>
> This sounds like a good argument to me. However, the LDAP database is
> just as vulnerable... Isn't it?
No. We use LDAP as a backend, export to berkeley DB, and replicate out
using rsync.
--
Daniel Jacobowitz Debian GNU/Linux Developer
Monta Vista Software Debian Security Team
"I am croutons!"
Reply to: