Kerberized Apps
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Mar 31 00:06:51 EST 2004
>Here's one thing I don't have working yet, but haven't really sat down
>to puzzle over: We have two KDCs. The master is behind our firewall on
>a private network, but we have a slave on a public network. The only
>way for users outside the private network (which is most of them) to
>change their passwords is to shell into a machine that can reach the
>private network somehow and run kpasswd from there. I'd like some way
>for them to change their password remotely using kpasswd on public
>workstations. Not sure how to work that one out yet. Any ideas?

How about putting the master outside of the firewall, instead of the
slave? I suspect you'll say you're worried about the security of doing
that, but you shouldn't; it's just as bad if someone breaks into your
slave KDC as if they break into your master (from a Kerberos perspective,
that is).
--Ken