Windows with MIT krb5 and OpenLDAP

Jeffrey Altman jaltman2 at nyc.rr.com
Sat Apr 10 23:24:20 EDT 2004


Sensei wrote:
> 
> AFS, Kerberos and LDAP are currently on the same server... and I'll keep 
> it so...

Many folks on this list will consider running any services on the same
machine as the Kerberos KDC to be a security weakness.  You increase the
attack surface of the machine when you do so.  If the KDC database is
compromised you have lost everything.  Is it really worth the risk?


More information about the Kerberos mailing list