kadmin security requirements

Brian Minard bminard at flatfoot.ca
Sun May 4 10:34:07 EDT 2003


Hello,

I'm curious about an answer in the FAQ which discusess the
administration server.  The answer to question 1.14, says
(in part):

  In most Kerberos implementations there is also an administration
  server which allows remote manipulation of the Kerberos database.
  This administration server usually runs on the KDC.

I'm unclear on a couple of issues arising from these statements.

  (a) are the security requirements for the administration server
  the same as those for the KDC?

  (b) what is considered the best practice for these servers--should
  they reside on the same machine, different machines, or should the
  administration server be turned off?

Thanks,
Brian
-- 
Brian Minard
bminard at flatfoot.ca


More information about the Kerberos mailing list