Kerberos vs. LDAP for authentication -- any opinions?

Sam Hartman hartmans at MIT.EDU
Fri Jan 30 17:32:13 EST 2004


>>>>> "David" == David Magda <dmagda+trace040127 at ee.ryerson.ca> writes:


    David> And what prevents a Kerberos server from being compromised?
    David> Any system can have a root-kit installed on it.

The issue is that in the Kerberos model, compromising a mail server or
web server etc doesn't get you much, but in the LDAP model it gets you
passwords.  The Kerberos server itself is still an interesting target
in many Kerberos deployments.



More information about the Kerberos mailing list