Re: Kerberos on .debian.org?
>>>>> "Jason" == Jason Gunthorpe <jgg@debian.org> writes:
Jason> On 9 Mar 2001, Sam Hartman wrote:
Jason> Or not. We are not doing the central KDC thing for obvious
Jason> reasons.
>> I'm utterly failing to see what these obvious reasons are. I
>> suspect there is a misunderstanding of the security guarantees
>> that debian.org currently has or a misunderstanding of how
>> Kerberos works.
Jason> Kerberos requires a secure central KDC machine w/ the
Jason> possibility for secure replicas. If connectivity between a
Jason> host and the KDC is broken then the host is effectively
Jason> dead in the water which is totally unacceptable for
Jason> us. Further, the fact that a KDC must be very secure to
Jason> protect the keys does not make it a good solution when we
Jason> don't have physical control over our boxes.
That assumes that Kerberos is your primary or only login mechanism.
Turbo proposed supporting Kerberos not replacing LDAP shadow entries
with Kerberos.

I want Kerberos as an option because it would be significantly easier
for me, and because once ssh issues are solved it would be
significantly more secure.

I would like to find a way of using Kerberos instead of LDAP for
shadow entries, but I agree with you that would be difficult.