Kerberos vs. LDAP for authentication -- any opinions?

[Sam Hartman]

>>>>> "David" == David Magda <dmagda+trace040127 at ee.ryerson.ca> writes:


    David> And what prevents a Kerberos server from being compromised?
    David> Any system can have a root-kit installed on it.

The issue is that in the Kerberos model, compromising a mail server or
web server etc doesn't get you much, but in the LDAP model it gets you
passwords.  The Kerberos server itself is still an interesting target
in many Kerberos deployments.