Windows with MIT krb5 and OpenLDAP

[Jeffrey Altman]

Sensei wrote:
> 
> AFS, Kerberos and LDAP are currently on the same server... and I'll keep 
> it so...

Many folks on this list will consider running any services on the same
machine as the Kerberos KDC to be a security weakness.  You increase the
attack surface of the machine when you do so.  If the KDC database is
compromised you have lost everything.  Is it really worth the risk?