Kerberos vs. LDAP for authentication -- any opinions?

Jeffrey I. Schiller jis at MIT.EDU
Fri Jan 30 16:21:38 EST 2004


It is much easier to protect one (or a few) Kerberos server than it is
to protect all servers.

In our situation we have security people running the Kerberos server
and we are paranoid about how it is maintained. Generic servers on the
other hand can be (and are) run by all sorts of people, many of whom have
little security clue.

			-Jeff

On Thu, Jan 29, 2004 at 06:58:08PM -0500, David Magda wrote:
> Jeffrey Altman <jaltman2 at nyc.rr.com> writes:
> 
> [...]
> > usernames and passwords across the network to a potentially
> > compromised machine in order for them to be validated against the
> > copies stored in LDAP.
> [...]
> 
> And what prevents a Kerberos server from being compromised? Any
> system can have a root-kit installed on it.
> 
> -- 
> David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
> Because the innovator has for enemies all those who have done well under
> the old conditions, and lukewarm defenders in those who may do well 
> under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

