Windows with MIT krb5 and OpenLDAP

Sensei noone at nowhere.org
Sun Apr 11 06:27:51 EDT 2004


Jeffrey Altman wrote:
> Many folks on this list will consider running any services on the same
> machine as the Kerberos KDC to be a security weakness.  You increase the
> attack surface of the machine when you do so.  If the KDC database is
> compromised you have lost everything.  Is it really worth the risk?

No, not now that I know samba does not work with k5/ldap. The only way 
is to have a trusted AD server... sigh!!!

Anyone knows how to make setup and user management easier? I mean, on 
the afs server I will use some scripts to make easier my life... so I 
will have to create users on the AD if I'm right.

Any useful link? AFS is mandatory...
-- 
Sensei    <mailto:senseiwa at tin.it>
           <icqnum:241572242>
           <msn-id:Sensei_Sen at hotmail.com>
A)bort, R)etry, I)nfluence with large hammer.


More information about the Kerberos mailing list