High level thoughts on justifying the use of Kerberos

[Michael Fair]

> Risks:
> Its centralized.. if the KDC is exploited all bets are off.

Another big one I would add is:
- Applications need to be "kerberized".
  (Pam modules and/or SASL can handle this if your applications
   support either of them)

While most standard applications have solutions or "kerberized"
versions available, in house applications might need to be
extended.  Most applications released aren't kerberized
by default so you definitely will need a list of critical
apps before you make your proposal.