David Magda wrote: > > And what prevents a Kerberos server from being compromised? Any > system can have a root-kit installed on it. Simple. You don't run any other services on your KDC. All access is via physical connections. Small network footprint results in extremely low chance of hacking.