KDC Hardware

Amir Saad Amir.Saad at bibalex.org
Sun Jan 8 01:56:49 EST 2006 

 
thanks a lot for you reply
actually, i was thinking of two separate machines one for the KDC and the other for the OpenLDAP, i read an article that suggests the separation to avoid to secure the KDC. A machine dedicated for the KDC will guarantee absense of all services except the kdc services and i think this reduces the hacking chances.
please tell me if this is not true..
thanks
Amir Saad
Software Engineer

________________________________

From: kerberos-bounces at mit.edu on behalf of Turbo Fredriksson
Sent: Sat 1/7/2006 12:38 PM
To: kerberos at mit.edu
Subject: Re: KDC Hardware



Quoting Jeffrey Hutzelman <jhutz at cmu.edu>:

> On Friday, January 06, 2006 12:37:51 PM +0100 Turbo Fredriksson
> <turbo at bayour.com> wrote:
>
>> Quoting Jeffrey Hutzelman <jhutz at cmu.edu>:
>>
>>> On Thursday, January 05, 2006 10:03:44 AM +0200 Amir Saad
>>> <Amir.Saad at bibalex.org> wrote:
>>>
>>>> i use Fedora 4, OpenLDAP and Kerberos instead of NIS
>>>> what is the suitable hardware configuration for the KDC to support a
>>>> network with 200 machines? thanks
>>>
>>> Whatever random piece of crap you have lying around will do just fine.
>
>> Note though the 'random piece of crap' note is true when it comes
>> to KERBEROS (that doesn't need ANYTHING regarding power/storage/speed)
>> but not LDAP... That is a lot more demanding...
>
> True.  The original question was about a KDC, not an LDAP server.

Doh, right. Sorry. He just mentioned OpenLDAP so I _assumed_ he would
be running both the LDAP _and_ the KDC on the same host. No point really
to separate them. Or?!?

Security? Nah, both need _extra ordinary security_ so it's easier to
safegard ONE machine than two (* nr of slaves of course :).

Price? Keeping the KDC at the very cheapest and the LDAP a lot more expencive
IS of course a reason, but then you have to take into account how much extra
'resources' (time mostly) to keep an extra machine safe.
But then again, buying one cheap and one more expensive IS more expensive
than buying a 'expencive + some extra for the KDC'...
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list