High level thoughts on justifying the use of Kerberos
Michael Fair
michael at daclubhouse.net
Mon Mar 17 18:31:52 EST 2003
> Risks:
> Its centralized.. if the KDC is exploited all bets are off.
Another big one I would add is:
- Applications need to be "kerberized".
(Pam modules and/or SASL can handle this if your applications
support either of them)
While most standard applications have solutions or "kerberized"
versions available, in house applications might need to be
extended. Most applications released aren't kerberized
by default so you definitely will need a list of critical
apps before you make your proposal.
More information about the Kerberos
mailing list